VYPR

Vendor CVEs

Adobe Inc.

All CVEs

7,389 total · sorted by risk
  • CVE-2016-7887HigDec 15, 2016
    risk 0.49cvss 7.5epss 0.05

    Adobe ColdFusion Builder versions 2016 update 2 and earlier, 3.0.3 and earlier have an important vulnerability that could lead to information disclosure.

  • CVE-2016-6936HigSep 16, 2016
    risk 0.49cvss 7.5epss 0.04

    Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging access to a network over which analytics data is sent.

  • CVE-2016-4216HigJul 13, 2016
    risk 0.49cvss 7.5epss 0.04

    XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

  • CVE-2016-4116HigMay 11, 2016
    risk 0.49cvss 7.5epss 0.08

    Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

  • CVE-2016-4115HigMay 11, 2016
    risk 0.49cvss 7.5epss 0.08

    Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

  • CVE-2016-4114HigMay 11, 2016
    risk 0.49cvss 7.5epss 0.08

    Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

  • CVE-2016-4113HigMay 11, 2016
    risk 0.49cvss 7.5epss 0.08

    Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

  • CVE-2016-4112HigMay 11, 2016
    risk 0.49cvss 7.5epss 0.08

    Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

  • CVE-2016-4111HigMay 11, 2016
    risk 0.49cvss 7.5epss 0.08

    Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

  • CVE-2016-4110HigMay 11, 2016
    risk 0.49cvss 7.5epss 0.08

    Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

  • CVE-2016-4109HigMay 11, 2016
    risk 0.49cvss 7.5epss 0.08

    Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

  • CVE-2016-1110HigMay 11, 2016
    risk 0.49cvss 7.5epss 0.08

    Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

  • CVE-2016-1109HigMay 11, 2016
    risk 0.49cvss 7.5epss 0.08

    Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

  • CVE-2016-1108HigMay 11, 2016
    risk 0.49cvss 7.5epss 0.08

    Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

  • CVE-2016-1107HigMay 11, 2016
    risk 0.49cvss 7.5epss 0.08

    Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

  • CVE-2016-1097HigMay 11, 2016
    risk 0.49cvss 7.5epss 0.08

    Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

  • CVE-2016-1092HigMay 11, 2016
    risk 0.49cvss 7.5epss 0.04

    Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors, a…

  • CVE-2016-1035HigApr 12, 2016
    risk 0.49cvss 7.5epss 0.04

    Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which allows attackers to obtain sensitive information via unspecified vectors.

  • CVE-2016-0958HigFeb 10, 2016
    risk 0.49cvss 7.5epss 0.04

    Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object.

  • CVE-2009-3791HigDec 21, 2009
    risk 0.49cvss 7.5epss 0.03

    Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to cause a denial of service (resource exhaustion) via unknown vectors.

  • CVE-2026-47960HigJun 9, 2026
    risk 0.48cvss 7.4epss 0.00

    ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories…

  • CVE-2026-47937HigJun 9, 2026
    risk 0.48cvss 7.4epss 0.00

    Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a…

  • CVE-2026-34647HigMay 12, 2026
    risk 0.48cvss 7.4epss 0.00

    Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass…

  • CVE-2024-39398HigAug 14, 2024
    risk 0.48cvss 7.4epss 0.01

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute…

  • CVE-2021-40699HigSep 7, 2023
    risk 0.48cvss 7.4epss 0.00

    ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an improper access control vulnerability when checking permissions in the CFIDE path. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary…

  • CVE-2021-40698HigSep 7, 2023
    risk 0.48cvss 7.4epss 0.01

    ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass  . An authenticated attacker could leverage this vulnerability to access and…

  • CVE-2021-40708HigSep 29, 2021
    risk 0.48cvss 7.3epss 0.02

    Adobe Genuine Service versions 7.3 (and earlier) are affected by a privilege escalation vulnerability in the AGSService installer. An authenticated attacker could leverage this vulnerability to achieve read / write privileges to execute arbitrary code. User interaction is…

  • CVE-2021-35982HigSep 29, 2021
    risk 0.48cvss 7.3epss 0.02

    Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. A local attacker with non-administrative privileges can plant a malicious DLL to achieve…

  • CVE-2021-28613HigSep 27, 2021
    risk 0.48cvss 7.4epss 0.00

    Adobe Creative Cloud Desktop Application version 5.4 (and earlier) is affected by a file handling vulnerability that could allow an attacker to arbitrarily overwrite a file. Exploitation of this issue requires local access, administrator privileges and user interaction.

  • CVE-2021-28581HigSep 8, 2021
    risk 0.48cvss 7.3epss 0.01

    Adobe Creative Cloud Desktop 3.5 (and earlier) is affected by an uncontrolled search path vulnerability that could result in elevation of privileges. Exploitation of this issue requires user interaction in that a victim must log on to the attacker's local machine.

  • CVE-2021-28636HigAug 20, 2021
    risk 0.48cvss 7.3epss 0.02

    Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker with access to the victim's C:/ folder could leverage this vulnerability to…

  • CVE-2021-21084HigJun 28, 2021
    risk 0.48cvss 7.3epss 0.02

    AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.…

  • CVE-2018-4936MedMay 19, 2018
    risk 0.48cvss 6.5epss 0.29

    Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2017-3085HigAug 11, 2017
    risk 0.48cvss 7.4epss 0.04

    Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.

  • CVE-2016-4158HigJun 16, 2016
    risk 0.48cvss 7.3epss 0.03

    Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.

  • CVE-2016-4157HigJun 16, 2016
    risk 0.48cvss 7.3epss 0.01

    Untrusted search path vulnerability in the installer in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse resource in an unspecified directory.

  • CVE-2016-1014HigApr 9, 2016
    risk 0.48cvss 7.3epss 0.01

    Untrusted search path vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows local users to gain privileges via a Trojan horse resource in an unspecified directory.

  • CVE-2025-43566MedMay 13, 2025
    risk 0.47cvss 6.8epss 0.38

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A high-privileged attacker could leverage this vulnerability to…

  • CVE-2024-34110HigJun 13, 2024
    risk 0.47cvss 7.2epss 0.01

    Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a…

  • CVE-2024-34109HigJun 13, 2024
    risk 0.47cvss 7.2epss 0.02

    Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but…

  • CVE-2023-22273HigNov 17, 2023
    risk 0.47cvss 7.2epss 0.02

    Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not…

  • CVE-2021-36036HigSep 6, 2023
    risk 0.47cvss 7.2epss 0.02

    Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper access control vulnerability within Magento's Media Gallery Upload workflow. By storing a specially crafted file in the website gallery, an authenticated attacker…

  • CVE-2021-36021HigSep 6, 2023
    risk 0.47cvss 7.2epss 0.02

    Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper input validation vulnerability within the CMS page scheduled update feature. An authenticated attacker with administrative privilege could leverage this vulnerability…

  • CVE-2021-36031HigSep 1, 2021
    risk 0.47cvss 7.2epss 0.03

    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a Path Traversal vulnerability via the `theme[preview_image]` parameter. An attacker with admin privileges could leverage this vulnerability to achieve remote code…

  • CVE-2020-29075HigFeb 23, 2021
    risk 0.47cvss 7.1epss 0.08

    Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an attacker to get a DNS interaction and track if the user has opened or closed a PDF…

  • CVE-2020-9588HigJun 26, 2020
    risk 0.47cvss 7.2epss 0.03

    Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.

  • CVE-2019-8231HigNov 6, 2019
    risk 0.47cvss 7.2epss 0.01

    In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.

  • CVE-2019-8230HigNov 6, 2019
    risk 0.47cvss 7.2epss 0.01

    In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path.

  • CVE-2019-8229HigNov 6, 2019
    risk 0.47cvss 7.2epss 0.01

    In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates.

  • CVE-2019-8125HigNov 5, 2019
    risk 0.47cvss 7.2epss 0.02

    A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution.

Page 63 of 148