VYPR

Vendor CVEs

Adobe Inc.

All CVEs

7,400 total · sorted by risk
  • CVE-2019-7861HigAug 2, 2019
    risk 0.42cvss 7.5epss 0.02

    Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

  • CVE-2019-7860HigAug 2, 2019
    risk 0.42cvss 7.5epss 0.01

    A cryptographically weak pseudo-rando number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

  • CVE-2019-7859HigAug 2, 2019
    risk 0.42cvss 7.5epss 0.01

    A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control.

  • CVE-2019-7858HigAug 2, 2019
    risk 0.42cvss 7.5epss 0.01

    A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks.

  • CVE-2019-7854HigAug 2, 2019
    risk 0.42cvss 7.5epss 0.01

    An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details.

  • CVE-2019-7963MedJul 18, 2019
    risk 0.42cvss 6.5epss 0.03

    Adobe Bridge CC version 9.0.2 and earlier versions have an out of bound read vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.

  • CVE-2019-7953MedJul 18, 2019
    risk 0.42cvss 6.5epss 0.03

    Adobe Experience Manager version 6.4 and ealier have a Cross-Site Request Forgery vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.

  • CVE-2019-7074MedMay 24, 2019
    risk 0.42cvss 6.5epss 0.03

    Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2019-7073MedMay 24, 2019
    risk 0.42cvss 6.5epss 0.03

    Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2019-7071MedMay 24, 2019
    risk 0.42cvss 6.5epss 0.03

    Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2019-7049MedMay 24, 2019
    risk 0.42cvss 6.5epss 0.03

    Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-19721MedJan 28, 2019
    risk 0.42cvss 6.5epss 0.03

    Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Note: A different vulnerability than CVE-2018-19723.

  • CVE-2018-19728MedJan 28, 2019
    risk 0.42cvss 6.5epss 0.03

    Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read…

  • CVE-2010-1282MedMay 13, 2010
    risk 0.42cvss 6.5epss 0.03

    Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.

  • CVE-2026-47910MedJun 9, 2026
    risk 0.41cvss 6.3epss 0.00

    Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope.…

  • CVE-2026-47909MedJun 9, 2026
    risk 0.41cvss 6.3epss 0.00

    Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope.…

  • CVE-2026-34664MedMay 12, 2026
    risk 0.41cvss 6.3epss 0.00

    Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive…

  • CVE-2026-27299MedApr 14, 2026
    risk 0.41cvss 6.3epss 0.00

    Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to access sensitive files or data on the system. Exploitation of this issue…

  • CVE-2026-34626MedApr 14, 2026
    risk 0.41cvss 6.3epss 0.00

    Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary file system read in the context of the current…

  • CVE-2025-30292MedApr 8, 2025
    risk 0.41cvss 6.1epss 0.12

    ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the…

  • CVE-2024-49535MedDec 10, 2024
    risk 0.41cvss 6.3epss 0.00

    Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that allows an attacker to provide malicious XML input containing a reference…

  • CVE-2022-28244MedMay 11, 2022
    risk 0.41cvss 6.3epss 0.03

    Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by a violation of secure design principles through bypassing the content security policy, which could result in an attacker sending arbitrarily configured…

  • CVE-2021-28628MedAug 24, 2021
    risk 0.41cvss 6.3epss 0.01

    Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in…

  • CVE-2021-28625MedAug 24, 2021
    risk 0.41cvss 6.3epss 0.01

    Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in…

  • CVE-2019-8027MedAug 20, 2019
    risk 0.41cvss 6.3epss 0.02

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could…

  • CVE-2019-7890HigAug 2, 2019
    risk 0.41cvss 7.3epss 0.01

    An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.

  • CVE-2008-2991MedJul 9, 2008
    risk 0.41cvss 6.1epss 0.16

    Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Help Errors log.

  • CVE-2026-47905MedJun 9, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition.…

  • CVE-2026-47904MedJun 9, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition.…

  • CVE-2026-47903MedJun 9, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does…

  • CVE-2026-47902MedJun 9, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition.…

  • CVE-2026-34688MedMay 12, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a…

  • CVE-2026-34680MedMay 12, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a…

  • CVE-2026-34679MedMay 12, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a…

  • CVE-2026-34678MedMay 12, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in…

  • CVE-2026-34677MedMay 12, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in…

  • CVE-2026-34673MedMay 12, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in…

  • CVE-2026-34672MedMay 12, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading…

  • CVE-2026-34671MedMay 12, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a…

  • CVE-2026-34670MedMay 12, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a…

  • CVE-2026-34669MedMay 12, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a…

  • CVE-2026-34668MedMay 12, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a…

  • CVE-2026-34667MedMay 12, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading…

  • CVE-2026-34666MedMay 12, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a…

  • CVE-2026-34614MedApr 14, 2026
    risk 0.40cvss 6.1epss 0.00

    Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the…

  • CVE-2026-21331MedApr 14, 2026
    risk 0.40cvss 6.1epss 0.00

    Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the…

  • CVE-2025-49545MedJul 8, 2025
    risk 0.40cvss 6.2epss 0.00

    ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection…

  • CVE-2025-47094MedJun 10, 2025
    risk 0.40cvss 6.1epss 0.00

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of…

  • CVE-2025-47049MedJun 10, 2025
    risk 0.40cvss 6.1epss 0.00

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser.…

  • CVE-2025-30315MedMay 13, 2025
    risk 0.40cvss 6.1epss 0.00

    Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to…

Page 70 of 148