VYPR

Vendor CVEs

Adobe Inc.

All CVEs

7,395 total · sorted by risk
  • CVE-2019-8125HigNov 5, 2019
    risk 0.47cvss 7.2epss 0.02

    A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution.

  • CVE-2019-8091HigNov 5, 2019
    risk 0.47cvss 7.2epss 0.02

    A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution.

  • CVE-2018-4934MedMay 19, 2018
    risk 0.47cvss 6.5epss 0.23

    Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2025-61830HigNov 11, 2025
    risk 0.46cvss 7.1epss 0.00

    Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue requires user interaction in that a…

  • CVE-2025-53692HigSep 21, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cross-Site Scripting (XSS).This issue affects Sitecore Experience Manager (XM): from…

  • CVE-2025-8061HigSep 11, 2025
    risk 0.46cvss 7.0epss 0.00

    A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated local user to execute code with elevated privileges. The Lenovo Dispatcher 3.2…

  • CVE-2025-24407HigFeb 11, 2025
    risk 0.46cvss 7.1epss 0.01

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low privileged attacker could exploit this vulnerability to perform actions with…

  • CVE-2024-39425HigAug 14, 2024
    risk 0.46cvss 7.0epss 0.00

    Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to privilege escalation. Exploitation of this issue require local low-privilege access to…

  • CVE-2024-39420HigAug 14, 2024
    risk 0.46cvss 7.0epss 0.03

    Acrobat Reader versions 20.005.30636, 24.002.21005, 24.001.30159, 20.005.30655, 24.002.20965, 24.002.20964, 24.001.30123, 24.003.20054 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary code execution. This…

  • CVE-2024-34123HigJul 9, 2024
    risk 0.46cvss 7.0epss 0.00

    Premiere Pro versions 23.6.5, 24.4.1 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might…

  • CVE-2024-34116HigJun 13, 2024
    risk 0.46cvss 7.1epss 0.00

    Creative Cloud Desktop versions 6.1.0.587 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to load and execute malicious libraries, leading to arbitrary file…

  • CVE-2024-34104HigJun 13, 2024
    risk 0.46cvss 8.2epss 0.01

    Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access,…

  • CVE-2024-34103HigJun 13, 2024
    risk 0.46cvss 8.1epss 0.01

    Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the…

  • CVE-2023-44352MedNov 17, 2023
    risk 0.46cvss 6.1epss 0.85

    Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content…

  • CVE-2022-23202HigFeb 16, 2022
    risk 0.46cvss 7.0epss 0.02

    Adobe Creative Cloud Desktop version 2.7.0.13 (and earlier) is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim…

  • CVE-2021-21076HigMar 12, 2021
    risk 0.46cvss 7.1epss 0.03

    Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction…

  • CVE-2021-21075HigMar 12, 2021
    risk 0.46cvss 7.1epss 0.03

    Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction…

  • CVE-2021-21074HigMar 12, 2021
    risk 0.46cvss 7.1epss 0.03

    Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction…

  • CVE-2021-21073HigMar 12, 2021
    risk 0.46cvss 7.1epss 0.03

    Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction…

  • CVE-2021-21072HigMar 12, 2021
    risk 0.46cvss 7.1epss 0.03

    Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction…

  • CVE-2021-21011HigJan 13, 2021
    risk 0.46cvss 7.0epss 0.02

    Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the file system could leverage this vulnerability to escalate privileges.

  • CVE-2021-21010HigJan 13, 2021
    risk 0.46cvss 7.0epss 0.02

    InCopy version 15.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2021-21008HigJan 13, 2021
    risk 0.46cvss 7.0epss 0.02

    Adobe Animate version 21.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2021-21007HigJan 13, 2021
    risk 0.46cvss 7.0epss 0.02

    Adobe Illustrator version 25.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2020-24447HigDec 11, 2020
    risk 0.46cvss 7.0epss 0.01

    Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must…

  • CVE-2020-24440HigDec 11, 2020
    risk 0.46cvss 7.0epss 0.01

    Adobe Prelude version 9.0.1 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2020-24400HigNov 9, 2020
    risk 0.46cvss 7.1epss 0.02

    Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data from the…

  • CVE-2020-24424HigOct 21, 2020
    risk 0.46cvss 7.0epss 0.01

    Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2020-24423HigOct 21, 2020
    risk 0.46cvss 7.0epss 0.01

    Adobe Media Encoder version 14.4 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2020-24420HigOct 21, 2020
    risk 0.46cvss 7.0epss 0.01

    Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected by an uncontrolled search path element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must…

  • CVE-2020-24419HigOct 21, 2020
    risk 0.46cvss 7.0epss 0.01

    Adobe After Effects version 17.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open…

  • CVE-2020-24422HigOct 21, 2020
    risk 0.46cvss 7.0epss 0.03

    Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and 2.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires…

  • CVE-2020-9746HigOct 14, 2020
    risk 0.46cvss 7.0epss 0.04

    Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response…

  • CVE-2020-9615HigJun 25, 2020
    risk 0.46cvss 7.0epss 0.01

    Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a race condition vulnerability. Successful exploitation could lead to security feature bypass.

  • CVE-2025-30294MedApr 8, 2025
    risk 0.45cvss 6.8epss 0.12

    ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security protections and gain unauthorized…

  • CVE-2021-21015HigFeb 11, 2021
    risk 0.45cvss 8.0epss 0.03

    Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the…

  • CVE-2019-8109HigNov 5, 2019
    risk 0.45cvss 8.0epss 0.01

    A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution.

  • CVE-2018-5063MedJul 20, 2018
    risk 0.45cvss 6.5epss 0.31

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-12764MedJul 20, 2018
    risk 0.45cvss 6.5epss 0.31

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2025-30293MedApr 8, 2025
    risk 0.44cvss 6.8epss 0.01

    ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security protections and gain unauthorized…

  • CVE-2024-39406MedAug 14, 2024
    risk 0.44cvss 6.8epss 0.01

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this…

  • CVE-2023-26366MedOct 13, 2023
    risk 0.44cvss 6.8epss 0.01

    Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker…

  • CVE-2023-22232MedFeb 17, 2023
    risk 0.44cvss 5.3epss 0.82

    Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of…

  • CVE-2022-28247MedMay 11, 2022
    risk 0.44cvss 6.7epss 0.00

    Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an uncontrolled search path vulnerability that could lead to local privilege escalation. Exploitation of this issue requires user interaction in that a…

  • CVE-2020-24432MedNov 5, 2020
    risk 0.44cvss 6.7epss 0.11

    Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper input validation vulnerability that could result in arbitrary JavaScript…

  • CVE-2020-9738MedSep 10, 2020
    risk 0.44cvss 6.8epss 0.02

    AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields.…

  • CVE-2020-9737MedSep 10, 2020
    risk 0.44cvss 6.8epss 0.02

    AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields.…

  • CVE-2020-9736MedSep 10, 2020
    risk 0.44cvss 6.8epss 0.02

    AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields.…

  • CVE-2020-9735MedSep 10, 2020
    risk 0.44cvss 6.8epss 0.02

    AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields.…

  • CVE-2018-4906MedFeb 27, 2018
    risk 0.44cvss 6.5epss 0.22

    An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the…

Page 64 of 148