VYPR

Vendor CVEs

Adobe Inc.

All CVEs

7,262 total · sorted by risk
  • CVE-2023-4664HigSep 15, 2023
    risk 0.57cvss 8.8epss 0.01

    Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9.

  • CVE-2016-7885HigDec 15, 2016
    risk 0.57cvss 8.8epss 0.03

    Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-Site Request Forgery attacks.

  • CVE-2016-0948HigFeb 10, 2016
    risk 0.57cvss 8.8epss 0.02

    Cross-site request forgery (CSRF) vulnerability in Adobe Connect before 9.5.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2026-47906HigJun 9, 2026
    risk 0.56cvss 8.6epss 0.00

    Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim…

  • CVE-2026-27290HigApr 14, 2026
    risk 0.56cvss 8.6epss 0.00

    Adobe Framemaker versions 2022.8 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, then…

  • CVE-2026-27305HigApr 14, 2026
    risk 0.56cvss 8.6epss 0.29

    ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files…

  • CVE-2026-34622HigApr 14, 2026
    risk 0.56cvss 8.6epss 0.00

    Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current…

  • CVE-2026-47931HigJun 9, 2026
    risk 0.55cvss 8.4epss 0.01

    ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

  • CVE-2026-47929HigJun 9, 2026
    risk 0.55cvss 8.4epss 0.08

    ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or…

  • CVE-2026-27306HigApr 14, 2026
    risk 0.55cvss 8.4epss 0.00

    ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Attacker requires elevated privileges. Exploitation of this issue requires user…

  • CVE-2017-3064HigApr 12, 2017
    risk 0.55cvss 7.8epss 0.13

    Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-4232HigJul 13, 2016
    risk 0.55cvss 7.5epss 0.36

    Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information from process memory via unspecified vectors.

  • CVE-2016-4108HigMay 11, 2016
    risk 0.55cvss 7.5epss 0.38

    Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

  • CVE-2016-1106HigMay 11, 2016
    risk 0.55cvss 7.5epss 0.37

    Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

  • CVE-2016-1105HigMay 11, 2016
    risk 0.55cvss 7.5epss 0.38

    Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

  • CVE-2016-1104HigMay 11, 2016
    risk 0.55cvss 7.5epss 0.40

    Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

  • CVE-2016-1103HigMay 11, 2016
    risk 0.55cvss 7.5epss 0.38

    Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

  • CVE-2016-1102HigMay 11, 2016
    risk 0.55cvss 7.5epss 0.40

    Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

  • CVE-2016-1101HigMay 11, 2016
    risk 0.55cvss 7.5epss 0.38

    Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

  • CVE-2016-1096HigMay 11, 2016
    risk 0.55cvss 7.5epss 0.40

    Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

  • CVE-2016-1008HigMar 9, 2016
    risk 0.55cvss 8.4epss 0.01

    Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan…

  • CVE-2016-0956HigFeb 10, 2016
    risk 0.55cvss 7.5epss 0.46

    The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2018-12827HigAug 29, 2018
    risk 0.54cvss 7.5epss 0.32

    Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2009-3489HigSep 30, 2009
    risk 0.54cvss 7.8epss 0.02

    Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath…

  • CVE-2026-47930HigJun 9, 2026
    risk 0.53cvss 8.1epss 0.00

    ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write…

  • CVE-2026-47907HigJun 9, 2026
    risk 0.53cvss 8.2epss 0.00

    Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope.…

  • CVE-2026-34632HigApr 15, 2026
    risk 0.53cvss 8.2epss 0.00

    Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search…

  • CVE-2025-61813HigDec 10, 2025
    risk 0.53cvss 8.2epss 0.00

    ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the…

  • CVE-2025-49552HigOct 14, 2025
    risk 0.53cvss 8.1epss 0.00

    Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to execute malicious scripts in a victim's browser. Exploitation of this issue requires user interaction in that a…

  • CVE-2018-5006HigJul 20, 2018
    risk 0.53cvss 7.5epss 0.54

    Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2017-2946HigJan 11, 2017
    risk 0.53cvss 7.8epss 0.24

    Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing the segment for storing non-graphic information. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-1030HigApr 9, 2016
    risk 0.53cvss 8.1epss 0.05

    Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to bypass intended access restrictions via unspecified vectors.

  • CVE-2016-1006HigApr 9, 2016
    risk 0.53cvss 8.1epss 0.04

    Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to bypass the ASLR protection mechanism via JIT data.

  • CVE-2016-0957HigFeb 10, 2016
    risk 0.53cvss 7.5epss 0.51

    Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.

  • CVE-2005-1306HigJun 15, 2005
    risk 0.53cvss 7.5epss 0.15

    The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability."

  • CVE-2026-34693HigJun 9, 2026
    risk 0.52cvss 8.0epss 0.00

    Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or…

  • CVE-2018-4985HigJul 9, 2018
    risk 0.52cvss 7.5epss 0.37

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-4956HigJul 9, 2018
    risk 0.52cvss 7.5epss 0.36

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-4949HigJul 9, 2018
    risk 0.52cvss 7.5epss 0.36

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2017-3055HigApr 12, 2017
    risk 0.52cvss 7.8epss 0.14

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in JPEG 2000 parsing of the fragment list tag. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3048HigApr 12, 2017
    risk 0.52cvss 7.8epss 0.14

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to internal scan line representation in TIFF files. Successful exploitation could lead to…

  • CVE-2017-3044HigApr 12, 2017
    risk 0.52cvss 7.8epss 0.19

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 engine, related to image scaling. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3042HigApr 12, 2017
    risk 0.52cvss 7.8epss 0.14

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in image conversion, related to parsing offsets in TIFF files. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-2966HigJan 11, 2017
    risk 0.52cvss 7.8epss 0.11

    Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the image conversion engine related to parsing malformed TIFF segments. Successful exploitation could lead to arbitrary code…

  • CVE-2017-2960HigJan 11, 2017
    risk 0.52cvss 7.8epss 0.19

    Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of EXIF metadata. Successful exploitation could lead to arbitrary code…

  • CVE-2017-2959HigJan 11, 2017
    risk 0.52cvss 7.8epss 0.11

    Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to parsing of color profile metadata. Successful exploitation could lead to arbitrary…

  • CVE-2017-2949HigJan 11, 2017
    risk 0.52cvss 7.8epss 0.20

    Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution.

  • CVE-2012-0767MedKEVFeb 16, 2012
    risk 0.52cvss 6.1epss 0.07

    Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web…

  • CVE-2026-47964HigJun 16, 2026
    risk 0.51cvss 7.8epss 0.00

    DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2026-47965HigJun 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

Page 19 of 146