Filtered by vendor Adobe
Subscriptions
Total
6212 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-8246 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2025-05-05 | 9.8 Critical |
| Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | ||||
| CVE-2019-8244 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2025-05-05 | 4.3 Medium |
| Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| CVE-2019-8243 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2025-05-05 | 4.3 Medium |
| Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| CVE-2019-8242 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2025-05-05 | 4.3 Medium |
| Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| CVE-2019-8241 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2025-05-05 | 4.3 Medium |
| Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| CVE-2023-28500 | 1 Adobe | 1 Livecycle Es4 | 2025-05-05 | 9.8 Critical |
| A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL. Adobe LiveCycle ES4 version 11.0.1 and later may be vulnerable if the application is installed with Java environment 7u21 and earlier. Exploitation of the vulnerability depends on two factors: insecure deserialization methods used in the Adobe LiveCycle application, and the use of Java environments 7u21 and earlier. The code execution is performed in the context of the account that is running the Adobe LiveCycle application. If the account is privileged, exploitation provides privileged access to the operating system. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-30290 | 1 Adobe | 1 Coldfusion | 2025-05-05 | 8.7 High |
| ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to access files and directories that are stored outside the intended restricted directory. Exploitation of this issue requires user interaction. | ||||
| CVE-2025-27183 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2025-05-02 | 7.8 High |
| After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-27188 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-05-01 | 4.3 Medium |
| Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-27189 | 1 Adobe | 1 Commerce B2b | 2025-04-30 | 4.3 Medium |
| Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in user into submitting a forged request to the vulnerable application, which may disrupt service availability. Exploitation of this issue requires user interaction, typically in the form of clicking a malicious link or visiting an attacker-controlled website. | ||||
| CVE-2025-27172 | 1 Adobe | 1 Substance 3d Designer | 2025-04-28 | 7.8 High |
| Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-21169 | 1 Adobe | 1 Substance 3d Designer | 2025-04-28 | 7.8 High |
| Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-27175 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-04-28 | 7.8 High |
| InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-27171 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-04-28 | 7.8 High |
| InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-27166 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-04-28 | 7.8 High |
| InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-24453 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-04-28 | 7.8 High |
| InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-24452 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-04-28 | 7.8 High |
| InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-27169 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-04-28 | 7.8 High |
| Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-24449 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-04-28 | 5.5 Medium |
| Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-24448 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-04-28 | 5.5 Medium |
| Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||