Vendor CVEs
Adobe Inc.
All CVEs
7,266 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-0931 | Hig | 0.58 | 8.8 | 0.06 | Jan 14, 2016 | Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via… | ||
| CVE-2015-8650 | Hig | 0.58 | 8.8 | 0.07 | Dec 28, 2015 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows… | ||
| CVE-2015-8649 | Hig | 0.58 | 8.8 | 0.07 | Dec 28, 2015 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows… | ||
| CVE-2015-8648 | Hig | 0.58 | 8.8 | 0.07 | Dec 28, 2015 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows… | ||
| CVE-2015-8647 | Hig | 0.58 | 8.8 | 0.07 | Dec 28, 2015 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows… | ||
| CVE-2015-8646 | Hig | 0.58 | 8.8 | 0.06 | Dec 28, 2015 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows… | ||
| CVE-2015-8645 | Hig | 0.58 | 8.8 | 0.07 | Dec 28, 2015 | Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code… | ||
| CVE-2015-8643 | Hig | 0.58 | 8.8 | 0.06 | Dec 28, 2015 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows… | ||
| CVE-2015-8642 | Hig | 0.58 | 8.8 | 0.06 | Dec 28, 2015 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows… | ||
| CVE-2015-8641 | Hig | 0.58 | 8.8 | 0.06 | Dec 28, 2015 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows… | ||
| CVE-2015-8640 | Hig | 0.58 | 8.8 | 0.06 | Dec 28, 2015 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows… | ||
| CVE-2015-8639 | Hig | 0.58 | 8.8 | 0.07 | Dec 28, 2015 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows… | ||
| CVE-2015-8638 | Hig | 0.58 | 8.8 | 0.07 | Dec 28, 2015 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows… | ||
| CVE-2015-8460 | Hig | 0.58 | 8.8 | 0.05 | Dec 28, 2015 | Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code… | ||
| CVE-2011-0627 | Hig | 0.58 | 8.8 | 0.05 | May 13, 2011 | Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May… | ||
| CVE-2010-1283 | Hig | 0.58 | 8.8 | 0.06 | May 13, 2010 | Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record. | ||
| CVE-2010-1281 | Hig | 0.58 | 8.8 | 0.07 | May 13, 2010 | iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka… | ||
| CVE-2010-0987 | Hig | 0.58 | 8.8 | 0.11 | May 13, 2010 | Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file. | ||
| CVE-2010-0986 | Hig | 0.58 | 8.8 | 0.05 | May 13, 2010 | Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file. | ||
| CVE-2010-0130 | Hig | 0.58 | 8.8 | 0.07 | May 13, 2010 | Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file. | ||
| CVE-2010-0129 | Hig | 0.58 | 8.8 | 0.06 | May 13, 2010 | Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error. | ||
| CVE-2010-0127 | Hig | 0.58 | 8.8 | 0.05 | May 13, 2010 | Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file. | ||
| CVE-2010-0378 | Hig | 0.58 | 8.8 | 0.06 | Jan 21, 2010 | Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a "Movie… | ||
| CVE-2026-47932 | Hig | 0.57 | 8.8 | 0.08 | Jun 9, 2026 | ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized… | ||
| CVE-2026-34653 | Hig | 0.57 | 8.7 | 0.01 | May 12, 2026 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system read and write. An… | ||
| CVE-2026-34617 | Hig | 0.57 | 8.7 | 0.00 | Apr 14, 2026 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining… | ||
| CVE-2023-38219 | Hig | 0.57 | 8.7 | 0.01 | Oct 13, 2023 | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into… | ||
| CVE-2023-38218 | Hig | 0.57 | 8.8 | 0.01 | Oct 13, 2023 | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization . An authenticated attacker can exploit this to achieve information exposure and privilege escalation. | ||
| CVE-2023-4665 | Hig | 0.57 | 8.8 | 0.01 | Sep 15, 2023 | Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. | ||
| CVE-2023-4664 | Hig | 0.57 | 8.8 | 0.01 | Sep 15, 2023 | Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. | ||
| CVE-2022-42344 | Hig | 0.57 | 8.8 | 0.01 | Oct 20, 2022 | Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Incorrect Authorization vulnerability. An authenticated attacker can exploit this vulnerability to achieve information exposure and privilege escalation. | ||
| CVE-2022-30670 | Hig | 0.57 | 8.8 | 0.01 | Jun 16, 2022 | RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. An authenticated attacker could leverage this vulnerability to achieve full administrator privileges. Exploitation of this… | ||
| CVE-2021-39843 | Hig | 0.57 | 7.8 | 0.76 | Sep 29, 2021 | Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this… | ||
| CVE-2021-28564 | Hig | 0.57 | 8.8 | 0.04 | Sep 2, 2021 | Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Write vulnerability within the ImageTool component. An unauthenticated attacker could leverage this vulnerability to… | ||
| CVE-2021-28561 | Hig | 0.57 | 8.8 | 0.03 | Sep 2, 2021 | Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in… | ||
| CVE-2021-28553 | Hig | 0.57 | 8.8 | 0.04 | Sep 2, 2021 | Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in… | ||
| CVE-2021-28642 | Hig | 0.57 | 8.8 | 0.04 | Aug 20, 2021 | Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Out-of-bounds write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the… | ||
| CVE-2021-36004 | Hig | 0.57 | 8.8 | 0.02 | Jul 30, 2021 | Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue… | ||
| CVE-2021-21101 | Hig | 0.57 | 8.8 | 0.03 | Jun 28, 2021 | Adobe Illustrator version 25.2 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.… | ||
| CVE-2020-9687 | Hig | 0.57 | 8.8 | 0.03 | Jul 22, 2020 | Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-9685 | Hig | 0.57 | 8.8 | 0.03 | Jul 22, 2020 | Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-9684 | Hig | 0.57 | 8.8 | 0.03 | Jul 22, 2020 | Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-9580 | Cri | 0.57 | 9.8 | 0.05 | Jun 26, 2020 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2020-9579 | Cri | 0.57 | 9.8 | 0.05 | Jun 26, 2020 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2020-9578 | Cri | 0.57 | 9.8 | 0.06 | Jun 26, 2020 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2020-9576 | Cri | 0.57 | 9.8 | 0.06 | Jun 26, 2020 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2020-3790 | Hig | 0.57 | 8.8 | 0.04 | Mar 25, 2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2020-3739 | Hig | 0.57 | 8.8 | 0.04 | Feb 13, 2020 | Adobe Framemaker versions 2019.0.4 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2019-8158 | Cri | 0.57 | 9.8 | 0.01 | Nov 6, 2019 | An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted… | ||
| CVE-2019-8149 | Cri | 0.57 | 9.8 | 0.02 | Nov 6, 2019 | Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can append arbitrary session id that will not be invalidated by subsequent authentication. |
- risk 0.58cvss 8.8epss 0.06
Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via…
- risk 0.58cvss 8.8epss 0.07
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows…
- risk 0.58cvss 8.8epss 0.07
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows…
- risk 0.58cvss 8.8epss 0.07
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows…
- risk 0.58cvss 8.8epss 0.07
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows…
- risk 0.58cvss 8.8epss 0.06
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows…
- risk 0.58cvss 8.8epss 0.07
Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code…
- risk 0.58cvss 8.8epss 0.06
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows…
- risk 0.58cvss 8.8epss 0.06
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows…
- risk 0.58cvss 8.8epss 0.06
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows…
- risk 0.58cvss 8.8epss 0.06
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows…
- risk 0.58cvss 8.8epss 0.07
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows…
- risk 0.58cvss 8.8epss 0.07
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows…
- risk 0.58cvss 8.8epss 0.05
Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code…
- risk 0.58cvss 8.8epss 0.05
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May…
- risk 0.58cvss 8.8epss 0.06
Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record.
- risk 0.58cvss 8.8epss 0.07
iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka…
- risk 0.58cvss 8.8epss 0.11
Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.
- risk 0.58cvss 8.8epss 0.05
Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file.
- risk 0.58cvss 8.8epss 0.07
Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file.
- risk 0.58cvss 8.8epss 0.06
Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error.
- risk 0.58cvss 8.8epss 0.05
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file.
- risk 0.58cvss 8.8epss 0.06
Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a "Movie…
- risk 0.57cvss 8.8epss 0.08
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized…
- risk 0.57cvss 8.7epss 0.01
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system read and write. An…
- risk 0.57cvss 8.7epss 0.00
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining…
- risk 0.57cvss 8.7epss 0.01
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into…
- risk 0.57cvss 8.8epss 0.01
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization . An authenticated attacker can exploit this to achieve information exposure and privilege escalation.
- risk 0.57cvss 8.8epss 0.01
Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9.
- risk 0.57cvss 8.8epss 0.01
Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9.
- risk 0.57cvss 8.8epss 0.01
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Incorrect Authorization vulnerability. An authenticated attacker can exploit this vulnerability to achieve information exposure and privilege escalation.
- risk 0.57cvss 8.8epss 0.01
RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. An authenticated attacker could leverage this vulnerability to achieve full administrator privileges. Exploitation of this…
- risk 0.57cvss 7.8epss 0.76
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this…
- risk 0.57cvss 8.8epss 0.04
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Write vulnerability within the ImageTool component. An unauthenticated attacker could leverage this vulnerability to…
- risk 0.57cvss 8.8epss 0.03
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…
- risk 0.57cvss 8.8epss 0.04
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…
- risk 0.57cvss 8.8epss 0.04
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Out-of-bounds write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the…
- risk 0.57cvss 8.8epss 0.02
Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue…
- risk 0.57cvss 8.8epss 0.03
Adobe Illustrator version 25.2 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.…
- risk 0.57cvss 8.8epss 0.03
Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.57cvss 8.8epss 0.03
Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.57cvss 8.8epss 0.03
Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.57cvss 9.8epss 0.05
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.57cvss 9.8epss 0.05
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.57cvss 9.8epss 0.06
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.57cvss 9.8epss 0.06
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.57cvss 8.8epss 0.04
Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.57cvss 8.8epss 0.04
Adobe Framemaker versions 2019.0.4 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.57cvss 9.8epss 0.01
An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted…
- risk 0.57cvss 9.8epss 0.02
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can append arbitrary session id that will not be invalidated by subsequent authentication.
Page 27 of 146