Dreamweaver
by Adobe Inc.
CVEs (21)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-47906 | Hig | 0.56 | 8.6 | 0.00 | Jun 9, 2026 | Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim… | ||
| CVE-2026-47907 | Hig | 0.53 | 8.2 | 0.00 | Jun 9, 2026 | Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope.… | ||
| CVE-2026-47908 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | ||
| CVE-2026-47910 | Med | 0.41 | 6.3 | 0.00 | Jun 9, 2026 | Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope.… | ||
| CVE-2026-47909 | Med | 0.41 | 6.3 | 0.00 | Jun 9, 2026 | Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope.… | ||
| CVE-2010-3132 | 0.04 | — | 0.14 | Aug 26, 2010 | Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2)… | |||
| CVE-2026-21267 | 0.00 | — | 0.01 | Jan 13, 2026 | Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue requires user… | |||
| CVE-2026-21271 | 0.00 | — | 0.00 | Jan 13, 2026 | Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious… | |||
| CVE-2026-21274 | 0.00 | — | 0.00 | Jan 13, 2026 | Dreamweaver Desktop versions 21.6 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to bypass security measures and execute… | |||
| CVE-2026-21272 | 0.00 | — | 0.00 | Jan 13, 2026 | Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of… | |||
| CVE-2026-21268 | 0.00 | — | 0.00 | Jan 13, 2026 | Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious… | |||
| CVE-2025-54256 | 0.00 | — | 0.00 | Sep 9, 2025 | Dreamweaver Desktop versions 21.5 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must click on a… | |||
| CVE-2025-30310 | 0.00 | — | 0.00 | May 13, 2025 | Dreamweaver Desktop versions 21.4 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in… | |||
| CVE-2024-30314 | 0.00 | — | 0.01 | May 16, 2024 | Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does require user… | |||
| CVE-2021-21055 | 0.00 | — | 0.01 | Feb 11, 2021 | Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries… | |||
| CVE-2020-24425 | 0.00 | — | 0.01 | Oct 21, 2020 | Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Successful exploitation could result in a local user with permissions to write to the file system running system commands with… | |||
| CVE-2019-7956 | 0.00 | — | 0.03 | Jul 18, 2019 | Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user. | |||
| CVE-2019-7097 | 0.00 | — | 0.04 | May 23, 2019 | Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol implementation vulnerability. Successful exploitation could lead to sensitive data disclosure if smb request is subject to a relay attack. | |||
| CVE-2008-6062 | 0.00 | — | 0.02 | Feb 5, 2009 | Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash Video feature is used, allows remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName… | |||
| CVE-2006-2042 | 0.00 | — | 0.05 | May 9, 2006 | Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models. |
- risk 0.56cvss 8.6epss 0.00
Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim…
- risk 0.53cvss 8.2epss 0.00
Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope.…
- risk 0.51cvss 7.8epss 0.00
Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- risk 0.41cvss 6.3epss 0.00
Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope.…
- risk 0.41cvss 6.3epss 0.00
Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope.…
- CVE-2010-3132Aug 26, 2010risk 0.04cvss —epss 0.14
Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2)…
- CVE-2026-21267Jan 13, 2026risk 0.00cvss —epss 0.01
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue requires user…
- CVE-2026-21271Jan 13, 2026risk 0.00cvss —epss 0.00
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…
- CVE-2026-21274Jan 13, 2026risk 0.00cvss —epss 0.00
Dreamweaver Desktop versions 21.6 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to bypass security measures and execute…
- CVE-2026-21272Jan 13, 2026risk 0.00cvss —epss 0.00
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of…
- CVE-2026-21268Jan 13, 2026risk 0.00cvss —epss 0.00
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…
- CVE-2025-54256Sep 9, 2025risk 0.00cvss —epss 0.00
Dreamweaver Desktop versions 21.5 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must click on a…
- CVE-2025-30310May 13, 2025risk 0.00cvss —epss 0.00
Dreamweaver Desktop versions 21.4 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in…
- CVE-2024-30314May 16, 2024risk 0.00cvss —epss 0.01
Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does require user…
- CVE-2021-21055Feb 11, 2021risk 0.00cvss —epss 0.01
Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries…
- CVE-2020-24425Oct 21, 2020risk 0.00cvss —epss 0.01
Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Successful exploitation could result in a local user with permissions to write to the file system running system commands with…
- CVE-2019-7956Jul 18, 2019risk 0.00cvss —epss 0.03
Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user.
- CVE-2019-7097May 23, 2019risk 0.00cvss —epss 0.04
Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol implementation vulnerability. Successful exploitation could lead to sensitive data disclosure if smb request is subject to a relay attack.
- CVE-2008-6062Feb 5, 2009risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash Video feature is used, allows remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName…
- CVE-2006-2042May 9, 2006risk 0.00cvss —epss 0.05
Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models.
Page 1 of 2