Filtered by vendor Adobe
Subscriptions
Total
7055 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54271 | 2 Adobe, Apple | 3 Creative Cloud, Creative Cloud Desktop Application, Macos | 2025-10-21 | 5.6 Medium |
| Creative Cloud Desktop versions 6.7.0.278 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary file system write. A low-privileged attacker could exploit the timing between the check and use of a resource, potentially allowing unauthorized modifications to files. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-54266 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-10-20 | 4.8 Medium |
| Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed. | ||||
| CVE-2025-54265 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-10-20 | 5.9 Medium |
| Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-54196 | 3 Adobe, Apple, Microsoft | 3 Connect, Macos, Windows | 2025-10-20 | 3.1 Low |
| Adobe Connect versions 12.9 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction in that a victim must click on a crafted link. | ||||
| CVE-2025-54277 | 1 Adobe | 1 Commerce | 2025-10-20 | N/A |
| This CVE ID was issued in error by its CVE Numbering Authority. | ||||
| CVE-2025-54270 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2025-10-20 | 5.5 Medium |
| Animate versions 23.0.13, 24.0.10 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive memory information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-54269 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2025-10-20 | 5.5 Medium |
| Animate versions 23.0.13, 24.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-54278 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2025-10-20 | 5.5 Medium |
| Bridge versions 14.1.8, 15.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-54275 | 1 Adobe | 1 Substance 3d Viewer | 2025-10-14 | 5.5 Medium |
| Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. An attacker could leverage this vulnerability to crash the application or make it unavailable. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-54261 | 1 Adobe | 1 Coldfusion | 2025-10-08 | 10 Critical |
| ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution by an attacker. The victim must have optional configurations enabled. Scope is changed. | ||||
| CVE-2025-54254 | 1 Adobe | 2 Experience Manager, Experience Manager Forms | 2025-10-02 | 8.6 High |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system, scope is changed. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-54255 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-10-02 | 4 Medium |
| Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass impacting integrity. An attacker does not have to be authenticated. Exploitation of this issue does not require user interaction, and scope is unchanged. | ||||
| CVE-2025-54251 | 1 Adobe | 1 Experience Manager | 2025-10-02 | 4.3 Medium |
| Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate XML queries and gain limited unauthorized write access. | ||||
| CVE-2023-4664 | 1 Adobe | 1 Connect | 2025-09-24 | 8.8 High |
| Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.This issue affects Saphira Connect: before 9. | ||||
| CVE-2023-4661 | 1 Adobe | 1 Connect | 2025-09-24 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection.This issue affects Saphira Connect: before 9. | ||||
| CVE-2023-4665 | 1 Adobe | 1 Connect | 2025-09-24 | 8.8 High |
| Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.This issue affects Saphira Connect: before 9. | ||||
| CVE-2023-4663 | 1 Adobe | 1 Connect | 2025-09-24 | 6.1 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Saphira Connect allows Reflected XSS.This issue affects Saphira Connect: before 9. | ||||
| CVE-2023-4662 | 1 Adobe | 1 Connect | 2025-09-24 | 9.8 Critical |
| Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion.This issue affects Saphira Connect: before 9. | ||||
| CVE-2023-48580 | 1 Adobe | 1 Experience Manager | 2025-09-19 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2021-28627 | 1 Adobe | 1 Experience Manager | 2025-09-19 | 5.4 Medium |
| Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Server-side Request Forgery. An authenticated attacker could leverage this vulnerability to contact systems blocked by the dispatcher. Exploitation of this issue does not require user interaction. | ||||