Filtered by vendor Adobe
Subscribe
Total
7146 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-27289 | 1 Adobe | 1 Photoshop | 2026-06-01 | N/A | 7.8 HIGH |
| Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-61813 | 1 Adobe | 1 Coldfusion | 2026-06-01 | N/A | 8.2 HIGH |
| ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the server. Exploitation of this issue does requires user interaction and scope is changed. | |||||
| CVE-2023-4663 | 1 Adobe | 1 Connect | 2026-05-21 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Saphira Connect allows Reflected XSS. This issue affects Saphira Connect: before 9. | |||||
| CVE-2023-4662 | 1 Adobe | 1 Connect | 2026-05-21 | N/A | 9.8 CRITICAL |
| Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion. This issue affects Saphira Connect: before 9. | |||||
| CVE-2023-4661 | 1 Adobe | 1 Connect | 2026-05-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection. This issue affects Saphira Connect: before 9. | |||||
| CVE-2023-4665 | 1 Adobe | 1 Connect | 2026-05-21 | N/A | 8.8 HIGH |
| Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. | |||||
| CVE-2023-4664 | 1 Adobe | 1 Connect | 2026-05-21 | N/A | 8.8 HIGH |
| Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. | |||||
| CVE-2009-3459 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2026-05-21 | 9.3 HIGH | 8.8 HIGH |
| Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2026-34645 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2026-05-20 | N/A | 7.5 HIGH |
| Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction. | |||||
| CVE-2026-34646 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2026-05-20 | N/A | 7.5 HIGH |
| Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction. | |||||
| CVE-2026-34647 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2026-05-20 | N/A | 7.4 HIGH |
| Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed. | |||||
| CVE-2026-34648 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2026-05-20 | N/A | 7.5 HIGH |
| Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction. | |||||
| CVE-2026-34649 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2026-05-20 | N/A | 7.5 HIGH |
| Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction. | |||||
| CVE-2026-34650 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2026-05-20 | N/A | 7.5 HIGH |
| Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction. | |||||
| CVE-2026-34651 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2026-05-20 | N/A | 7.5 HIGH |
| Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction. | |||||
| CVE-2026-34652 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2026-05-20 | N/A | 7.5 HIGH |
| Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | |||||
| CVE-2026-34653 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2026-05-20 | N/A | 8.7 HIGH |
| Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system read and write. An authenticated attacker with administrative privileges could exploit this vulnerability to read or write files outside the restricted directory. Exploitation of this issue does not require user interaction. Scope is changed. | |||||
| CVE-2026-34654 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2026-05-20 | N/A | 5.3 MEDIUM |
| Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | |||||
| CVE-2026-34655 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2026-05-20 | N/A | 4.8 MEDIUM |
| Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed. | |||||
| CVE-2026-34656 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2026-05-20 | N/A | 4.3 MEDIUM |
| Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. | |||||