Adobe Inc.

All CVEs

7,400 total · sorted by risk
  • CVE-2017-3100 · Med · Jul 17, 2017
    risk 0.43 · cvss 6.5 · epss 0.04

    Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure.

  • CVE-2017-3080 · Med · Jul 17, 2017
    risk 0.43 · cvss 6.5 · epss 0.04

    Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure.

  • CVE-2017-3000 · Med · Mar 14, 2017
    risk 0.43 · cvss 6.5 · epss 0.08

    Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding. Successful exploitation could lead to information disclosure.

  • CVE-2017-2938 · Med · Jan 11, 2017
    risk 0.43 · cvss 6.5 · epss 0.05

    Adobe Flash Player versions 24.0.0.186 and earlier have a security bypass vulnerability related to handling TCP connections.

  • CVE-2016-7851 · Med · Nov 8, 2016
    risk 0.43 · cvss 6.1 · epss 0.07

    Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks.

  • CVE-2016-4278 · Med · Sep 14, 2016
    risk 0.43 · cvss 6.5 · epss 0.04

    Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than…

  • CVE-2016-4277 · Med · Sep 14, 2016
    risk 0.43 · cvss 6.5 · epss 0.04

    Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than…

  • CVE-2016-4271 · Med · Sep 14, 2016
    risk 0.43 · cvss 6.5 · epss 0.05

    Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than…

  • CVE-2025-27207 · Med · Jun 10, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and…

  • CVE-2025-24427 · Med · Feb 11, 2025
    risk 0.42 · cvss 6.5 · epss 0.01

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security…

  • CVE-2025-24426 · Med · Feb 11, 2025
    risk 0.42 · cvss 6.5 · epss 0.01

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security…

  • CVE-2025-24424 · Med · Feb 11, 2025
    risk 0.42 · cvss 6.5 · epss 0.01

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security…

  • CVE-2025-24422 · Med · Feb 11, 2025
    risk 0.42 · cvss 6.5 · epss 0.01

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security…

  • CVE-2025-24408 · Med · Feb 11, 2025
    risk 0.42 · cvss 6.5 · epss 0.01

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information.…

  • CVE-2024-43729 · Med · Dec 10, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a high impact on…

  • CVE-2024-45132 · Med · Oct 10, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect…

  • CVE-2024-45118 · Med · Oct 10, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have…

  • CVE-2023-22268 · Med · Nov 17, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by a low-privileged authenticated attacker. Exploitation of this issue…

  • CVE-2023-38209 · Med · Aug 9, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other…

  • CVE-2023-29289 · Med · Jun 15, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not…

  • CVE-2022-42343 · Med · Dec 16, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via…

  • CVE-2022-34256 · Hig · Aug 16, 2022
    risk 0.42 · cvss 7.5 · epss 0.02

    Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to access other user's data.…

  • CVE-2021-43762 · Med · Jan 13, 2022
    risk 0.42 · cvss 6.5 · epss 0.02

    AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a dispatcher bypass vulnerability that could be abused to evade security controls. Sensitive areas of the web application may be exposed through exploitation of the vulnerability.

  • CVE-2021-39864 · Med · Oct 15, 2021
    risk 0.42 · cvss 6.5 · epss 0.02

    Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) and 2.3.7p1 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized addition to customer cart by an…

  • CVE-2021-39856 · Med · Sep 29, 2021
    risk 0.42 · cvss 6.5 · epss 0.02

    Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2…

  • CVE-2021-39855 · Med · Sep 29, 2021
    risk 0.42 · cvss 6.5 · epss 0.02

    Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2…

  • CVE-2021-40712 · Med · Sep 27, 2021
    risk 0.42 · cvss 6.5 · epss 0.02

    Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by an improper input validation vulnerability via the path parameter. An authenticated attacker can send a malformed POST request to achieve server-side denial of service.

  • CVE-2021-39827 · Med · Sep 27, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary file write vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to write an arbitrary file to the system. User interaction is required before…

  • CVE-2021-28555 · Med · Sep 2, 2021
    risk 0.42 · cvss 6.5 · epss 0.03

    Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to get access to sensitive…

  • CVE-2021-36039 · Med · Sep 1, 2021
    risk 0.42 · cvss 6.5 · epss 0.02

    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability via the `quoteId` parameter. An attacker can abuse this vulnerability to disclose sensitive information.

  • CVE-2021-36038 · Med · Sep 1, 2021
    risk 0.42 · cvss 6.5 · epss 0.02

    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the Multishipping Module. An authenticated attacker could leverage this vulnerability to achieve sensitive information…

  • CVE-2021-36037 · Med · Sep 1, 2021
    risk 0.42 · cvss 6.5 · epss 0.02

    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper authorization vulnerability. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure.

  • CVE-2021-36027 · Med · Sep 1, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be…

  • CVE-2021-36026 · Med · Sep 1, 2021
    risk 0.42 · cvss 6.5 · epss 0.02

    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form…

  • CVE-2021-36012 · Med · Sep 1, 2021
    risk 0.42 · cvss 6.5 · epss 0.02

    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can leverage this vulnerability to alter the price of an item.

  • CVE-2021-28583 · Hig · Jun 28, 2021
    risk 0.42 · cvss 7.5 · epss 0.02

    Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to get unauthorized access to restricted…

  • CVE-2021-21070 · Med · Apr 19, 2021
    risk 0.42 · cvss 6.5 · epss 0.02

    Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with admin permissions to write to the file system could leverage this vulnerability to escalate privileges.

  • CVE-2020-9681 · Med · Apr 16, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to rewrite the file of the administrator, which may lead to elevated permissions. Exploitation of this issue requires…

  • CVE-2020-9667 · Med · Apr 16, 2021
    risk 0.42 · cvss 6.5 · epss 0.00

    Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker with admin privileges could plant custom binaries and execute them with System permissions. Exploitation of this issue requires user…

  • CVE-2021-28546 · Med · Apr 1, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker could leverage this vulnerability to modify content in a certified PDF without…

  • CVE-2021-21078 · Med · Mar 12, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user…

  • CVE-2020-24401 · Med · Nov 9, 2020
    risk 0.42 · cvss 6.5 · epss 0.02

    Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. A user can still access resources provisioned under their old role after an administrator removes the role or disables the user's account.

  • CVE-2019-8116 · Hig · Nov 5, 2019
    risk 0.42 · cvss 7.5 · epss 0.02

    Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can leverage a guest session id value following a successful login to gain access to customer account index page.

  • CVE-2019-8112 · Hig · Nov 5, 2019
    risk 0.42 · cvss 7.5 · epss 0.01

    A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via GET request that captures relevant account data obtained from the POST response related to new…

  • CVE-2019-8234 · Med · Oct 25, 2019
    risk 0.42 · cvss 6.5 · epss 0.02

    Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site request forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2019-7951 · Hig · Aug 2, 2019
    risk 0.42 · cvss 7.5 · epss 0.01

    An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A SOAP web service endpoint does not properly enforce parameters related to access control. This could be abused to leak customer information via…

  • CVE-2019-7950 · Hig · Aug 2, 2019
    risk 0.42 · cvss 7.5 · epss 0.02

    An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticated user can bypass access controls via REST API calls to assign themselves to an arbitrary company, thereby gaining read access…

  • CVE-2019-7928 · Hig · Aug 2, 2019
    risk 0.42 · cvss 7.5 · epss 0.01

    A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. By abusing insufficient brute-forcing defenses in the token exchange protocol, an unauthenticated attacker could disrupt transactions between…

  • CVE-2019-7915 · Hig · Aug 2, 2019
    risk 0.42 · cvss 7.5 · epss 0.01

    A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Under certain conditions, an unauthenticated attacker could force the Magento store's full page cache to serve a 404 page to customers.

  • CVE-2019-7886 · Hig · Aug 2, 2019
    risk 0.42 · cvss 7.5 · epss 0.01

    A cryptographic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptographic mechanism is used to generate the initialization vector in multiple security relevant contexts.
