Vendor CVEs
Adobe Inc.
All CVEs
7,395 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-8125 | Hig | 0.47 | 7.2 | 0.02 | Nov 5, 2019 | A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution. | ||
| CVE-2019-8091 | Hig | 0.47 | 7.2 | 0.02 | Nov 5, 2019 | A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution. | ||
| CVE-2018-4934 | Med | 0.47 | 6.5 | 0.23 | May 19, 2018 | Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||
| CVE-2025-61830 | Hig | 0.46 | 7.1 | 0.00 | Nov 11, 2025 | Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue requires user interaction in that a… | ||
| CVE-2025-53692 | Hig | 0.46 | 7.1 | 0.00 | Sep 21, 2025 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cross-Site Scripting (XSS).This issue affects Sitecore Experience Manager (XM): from… | ||
| CVE-2025-8061 | Hig | 0.46 | 7.0 | 0.00 | Sep 11, 2025 | A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated local user to execute code with elevated privileges. The Lenovo Dispatcher 3.2… | ||
| CVE-2025-24407 | Hig | 0.46 | 7.1 | 0.01 | Feb 11, 2025 | Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low privileged attacker could exploit this vulnerability to perform actions with… | ||
| CVE-2024-39425 | Hig | 0.46 | 7.0 | 0.00 | Aug 14, 2024 | Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to privilege escalation. Exploitation of this issue require local low-privilege access to… | ||
| CVE-2024-39420 | Hig | 0.46 | 7.0 | 0.03 | Aug 14, 2024 | Acrobat Reader versions 20.005.30636, 24.002.21005, 24.001.30159, 20.005.30655, 24.002.20965, 24.002.20964, 24.001.30123, 24.003.20054 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary code execution. This… | ||
| CVE-2024-34123 | Hig | 0.46 | 7.0 | 0.00 | Jul 9, 2024 | Premiere Pro versions 23.6.5, 24.4.1 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might… | ||
| CVE-2024-34116 | Hig | 0.46 | 7.1 | 0.00 | Jun 13, 2024 | Creative Cloud Desktop versions 6.1.0.587 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to load and execute malicious libraries, leading to arbitrary file… | ||
| CVE-2024-34104 | Hig | 0.46 | 8.2 | 0.01 | Jun 13, 2024 | Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access,… | ||
| CVE-2024-34103 | Hig | 0.46 | 8.1 | 0.01 | Jun 13, 2024 | Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the… | ||
| CVE-2023-44352 | Med | 0.46 | 6.1 | 0.85 | Nov 17, 2023 | Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content… | ||
| CVE-2022-23202 | Hig | 0.46 | 7.0 | 0.02 | Feb 16, 2022 | Adobe Creative Cloud Desktop version 2.7.0.13 (and earlier) is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim… | ||
| CVE-2021-21076 | Hig | 0.46 | 7.1 | 0.03 | Mar 12, 2021 | Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction… | ||
| CVE-2021-21075 | Hig | 0.46 | 7.1 | 0.03 | Mar 12, 2021 | Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction… | ||
| CVE-2021-21074 | Hig | 0.46 | 7.1 | 0.03 | Mar 12, 2021 | Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction… | ||
| CVE-2021-21073 | Hig | 0.46 | 7.1 | 0.03 | Mar 12, 2021 | Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction… | ||
| CVE-2021-21072 | Hig | 0.46 | 7.1 | 0.03 | Mar 12, 2021 | Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction… | ||
| CVE-2021-21011 | Hig | 0.46 | 7.0 | 0.02 | Jan 13, 2021 | Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the file system could leverage this vulnerability to escalate privileges. | ||
| CVE-2021-21010 | Hig | 0.46 | 7.0 | 0.02 | Jan 13, 2021 | InCopy version 15.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious… | ||
| CVE-2021-21008 | Hig | 0.46 | 7.0 | 0.02 | Jan 13, 2021 | Adobe Animate version 21.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||
| CVE-2021-21007 | Hig | 0.46 | 7.0 | 0.02 | Jan 13, 2021 | Adobe Illustrator version 25.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||
| CVE-2020-24447 | Hig | 0.46 | 7.0 | 0.01 | Dec 11, 2020 | Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must… | ||
| CVE-2020-24440 | Hig | 0.46 | 7.0 | 0.01 | Dec 11, 2020 | Adobe Prelude version 9.0.1 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||
| CVE-2020-24400 | Hig | 0.46 | 7.1 | 0.02 | Nov 9, 2020 | Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data from the… | ||
| CVE-2020-24424 | Hig | 0.46 | 7.0 | 0.01 | Oct 21, 2020 | Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||
| CVE-2020-24423 | Hig | 0.46 | 7.0 | 0.01 | Oct 21, 2020 | Adobe Media Encoder version 14.4 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | ||
| CVE-2020-24420 | Hig | 0.46 | 7.0 | 0.01 | Oct 21, 2020 | Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected by an uncontrolled search path element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must… | ||
| CVE-2020-24419 | Hig | 0.46 | 7.0 | 0.01 | Oct 21, 2020 | Adobe After Effects version 17.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open… | ||
| CVE-2020-24422 | Hig | 0.46 | 7.0 | 0.03 | Oct 21, 2020 | Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and 2.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires… | ||
| CVE-2020-9746 | Hig | 0.46 | 7.0 | 0.04 | Oct 14, 2020 | Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response… | ||
| CVE-2020-9615 | Hig | 0.46 | 7.0 | 0.01 | Jun 25, 2020 | Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a race condition vulnerability. Successful exploitation could lead to security feature bypass. | ||
| CVE-2025-30294 | Med | 0.45 | 6.8 | 0.12 | Apr 8, 2025 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security protections and gain unauthorized… | ||
| CVE-2021-21015 | Hig | 0.45 | 8.0 | 0.03 | Feb 11, 2021 | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the… | ||
| CVE-2019-8109 | Hig | 0.45 | 8.0 | 0.01 | Nov 5, 2019 | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution. | ||
| CVE-2018-5063 | Med | 0.45 | 6.5 | 0.31 | Jul 20, 2018 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||
| CVE-2018-12764 | Med | 0.45 | 6.5 | 0.31 | Jul 20, 2018 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||
| CVE-2025-30293 | Med | 0.44 | 6.8 | 0.01 | Apr 8, 2025 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security protections and gain unauthorized… | ||
| CVE-2024-39406 | Med | 0.44 | 6.8 | 0.01 | Aug 14, 2024 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this… | ||
| CVE-2023-26366 | Med | 0.44 | 6.8 | 0.01 | Oct 13, 2023 | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker… | ||
| CVE-2023-22232 | Med | 0.44 | 5.3 | 0.82 | Feb 17, 2023 | Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of… | ||
| CVE-2022-28247 | Med | 0.44 | 6.7 | 0.00 | May 11, 2022 | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an uncontrolled search path vulnerability that could lead to local privilege escalation. Exploitation of this issue requires user interaction in that a… | ||
| CVE-2020-24432 | Med | 0.44 | 6.7 | 0.11 | Nov 5, 2020 | Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper input validation vulnerability that could result in arbitrary JavaScript… | ||
| CVE-2020-9738 | Med | 0.44 | 6.8 | 0.02 | Sep 10, 2020 | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields.… | ||
| CVE-2020-9737 | Med | 0.44 | 6.8 | 0.02 | Sep 10, 2020 | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields.… | ||
| CVE-2020-9736 | Med | 0.44 | 6.8 | 0.02 | Sep 10, 2020 | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields.… | ||
| CVE-2020-9735 | Med | 0.44 | 6.8 | 0.02 | Sep 10, 2020 | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields.… | ||
| CVE-2018-4906 | Med | 0.44 | 6.5 | 0.22 | Feb 27, 2018 | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the… |
- risk 0.47cvss 7.2epss 0.02
A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution.
- risk 0.47cvss 7.2epss 0.02
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution.
- risk 0.47cvss 6.5epss 0.23
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
- risk 0.46cvss 7.1epss 0.00
Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue requires user interaction in that a…
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cross-Site Scripting (XSS).This issue affects Sitecore Experience Manager (XM): from…
- risk 0.46cvss 7.0epss 0.00
A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated local user to execute code with elevated privileges. The Lenovo Dispatcher 3.2…
- risk 0.46cvss 7.1epss 0.01
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low privileged attacker could exploit this vulnerability to perform actions with…
- risk 0.46cvss 7.0epss 0.00
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to privilege escalation. Exploitation of this issue require local low-privilege access to…
- risk 0.46cvss 7.0epss 0.03
Acrobat Reader versions 20.005.30636, 24.002.21005, 24.001.30159, 20.005.30655, 24.002.20965, 24.002.20964, 24.001.30123, 24.003.20054 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary code execution. This…
- risk 0.46cvss 7.0epss 0.00
Premiere Pro versions 23.6.5, 24.4.1 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might…
- risk 0.46cvss 7.1epss 0.00
Creative Cloud Desktop versions 6.1.0.587 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to load and execute malicious libraries, leading to arbitrary file…
- risk 0.46cvss 8.2epss 0.01
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access,…
- risk 0.46cvss 8.1epss 0.01
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the…
- risk 0.46cvss 6.1epss 0.85
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content…
- risk 0.46cvss 7.0epss 0.02
Adobe Creative Cloud Desktop version 2.7.0.13 (and earlier) is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim…
- risk 0.46cvss 7.1epss 0.03
Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction…
- risk 0.46cvss 7.1epss 0.03
Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction…
- risk 0.46cvss 7.1epss 0.03
Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction…
- risk 0.46cvss 7.1epss 0.03
Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction…
- risk 0.46cvss 7.1epss 0.03
Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction…
- risk 0.46cvss 7.0epss 0.02
Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the file system could leverage this vulnerability to escalate privileges.
- risk 0.46cvss 7.0epss 0.02
InCopy version 15.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…
- risk 0.46cvss 7.0epss 0.02
Adobe Animate version 21.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- risk 0.46cvss 7.0epss 0.02
Adobe Illustrator version 25.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- risk 0.46cvss 7.0epss 0.01
Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must…
- risk 0.46cvss 7.0epss 0.01
Adobe Prelude version 9.0.1 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- risk 0.46cvss 7.1epss 0.02
Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data from the…
- risk 0.46cvss 7.0epss 0.01
Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- risk 0.46cvss 7.0epss 0.01
Adobe Media Encoder version 14.4 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- risk 0.46cvss 7.0epss 0.01
Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected by an uncontrolled search path element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must…
- risk 0.46cvss 7.0epss 0.01
Adobe After Effects version 17.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open…
- risk 0.46cvss 7.0epss 0.03
Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and 2.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires…
- risk 0.46cvss 7.0epss 0.04
Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response…
- risk 0.46cvss 7.0epss 0.01
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a race condition vulnerability. Successful exploitation could lead to security feature bypass.
- risk 0.45cvss 6.8epss 0.12
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security protections and gain unauthorized…
- risk 0.45cvss 8.0epss 0.03
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the…
- risk 0.45cvss 8.0epss 0.01
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution.
- risk 0.45cvss 6.5epss 0.31
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
- risk 0.45cvss 6.5epss 0.31
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
- risk 0.44cvss 6.8epss 0.01
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security protections and gain unauthorized…
- risk 0.44cvss 6.8epss 0.01
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this…
- risk 0.44cvss 6.8epss 0.01
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker…
- risk 0.44cvss 5.3epss 0.82
Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of…
- risk 0.44cvss 6.7epss 0.00
Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an uncontrolled search path vulnerability that could lead to local privilege escalation. Exploitation of this issue requires user interaction in that a…
- risk 0.44cvss 6.7epss 0.11
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper input validation vulnerability that could result in arbitrary JavaScript…
- risk 0.44cvss 6.8epss 0.02
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields.…
- risk 0.44cvss 6.8epss 0.02
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields.…
- risk 0.44cvss 6.8epss 0.02
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields.…
- risk 0.44cvss 6.8epss 0.02
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields.…
- risk 0.44cvss 6.5epss 0.22
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the…
Page 64 of 148