Adobe

536 CVEs vendor

Monthly

CVE-2026-27240 MEDIUM This Month

Stored XSS in Adobe Experience Manager versions 6.5.23 and earlier enables low-privileged attackers to embed malicious scripts in form fields that execute when legitimate users view the affected pages. An attacker with basic authentication can inject JavaScript that runs in victims' browsers, potentially compromising session data or performing unauthorized actions. No patch is currently available for this vulnerability.

XSS Adobe Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27239 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. An attacker with login credentials can compromise victim browsers and potentially steal sensitive information or perform unauthorized actions within the application context. No patch is currently available for this vulnerability.

XSS Adobe Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27237 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers with low privileges to inject malicious scripts into form fields, which execute in the browsers of users viewing those pages. The vulnerability requires user interaction and has limited scope of impact, affecting confidentiality and integrity but not availability. No patch is currently available for this medium-severity issue.

XSS Adobe Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27236 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. An attacker with low privileges and user interaction can compromise the confidentiality and integrity of victim sessions. No patch is currently available.

XSS Adobe Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27235 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. A low-privileged user can exploit this to perform actions in victim browsers or steal sensitive information, though no patch is currently available.

XSS Adobe Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27234 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute in victims' browsers when the affected pages are viewed. The vulnerability requires user interaction and is limited to low-impact information disclosure and modification, though it can affect multiple users due to its stored nature. No patch is currently available for this issue.

XSS Adobe Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27233 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers with low privileges to inject malicious scripts into form fields, which execute in victims' browsers when they access affected pages. The vulnerability requires user interaction and can result in session hijacking, credential theft, or malware distribution. No patch is currently available.

XSS Adobe Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27232 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts into form fields that execute in victims' browsers, potentially leading to session hijacking or credential theft. The vulnerability requires user interaction and is currently unpatched, with no active exploitation reported.

XSS Adobe Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27231 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute in users' browsers when the affected pages are accessed. An attacker with login credentials can craft payloads that persist in the application and compromise victim sessions or steal sensitive data. No patch is currently available.

XSS Adobe Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27230 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts into form fields that execute in other users' browsers when they access affected pages. An attacker can exploit this to steal session tokens, perform unauthorized actions, or deface content with minimal user interaction required. No patch is currently available for this vulnerability.

XSS Adobe Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27229 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields, which execute in victims' browsers when the affected pages are accessed. An attacker with login credentials can exploit this vulnerability to steal session tokens, credentials, or perform actions on behalf of users viewing the compromised forms. No patch is currently available for this vulnerability.

XSS Adobe Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27228 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. An attacker with low privileges can exploit this vulnerability to steal session tokens, credentials, or perform actions on behalf of victims through their browsers. No patch is currently available.

XSS Adobe Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27226 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts through form fields, which execute in victims' browsers when they view affected pages. The vulnerability requires user interaction and network access but can impact confidentiality and integrity across security domains. No patch is currently available.

XSS Adobe Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27225 MEDIUM This Month

Adobe Experience Manager 6.5.23 and earlier contains a stored XSS vulnerability in form fields that allows low-privileged authenticated users to inject malicious scripts affecting other users who view the compromised pages. When a victim browses to a page containing the injected payload, the malicious JavaScript executes in their browser context, potentially enabling session hijacking or credential theft. No patch is currently available.

XSS Adobe Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27224 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields, which execute in victims' browsers when they view affected pages. This requires user interaction and an authenticated attacker, but could compromise the confidentiality and integrity of user sessions. No patch is currently available.

XSS Adobe Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27223 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier enables authenticated attackers to inject malicious scripts into form fields that execute when users view affected pages. An attacker with login credentials can compromise victim browsers and steal sensitive data or perform actions on their behalf. No patch is currently available.

XSS Adobe Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27272 HIGH This Week

Arbitrary code execution in Adobe Illustrator 29.8.4, 30.1 and earlier through an out-of-bounds write vulnerability affecting local users who open malicious files. An attacker can exploit this to execute code with the privileges of the targeted user, requiring only that the victim interact with a crafted document. No patch is currently available for this high-severity vulnerability.

Adobe Illustrator
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27271 HIGH This Week

Heap buffer overflow in Adobe Illustrator 29.8.4 and 30.1 allows arbitrary code execution under the current user's privileges when opening a malicious file. The vulnerability requires user interaction but carries no patch availability, leaving affected systems at risk. An attacker can achieve code execution by crafting and distributing a malicious document that triggers the memory corruption flaw.

Buffer Overflow Heap Overflow Adobe Illustrator
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27270 MEDIUM This Month

Out-of-bounds memory read in Adobe Illustrator 29.8.4 and 30.1 and earlier enables attackers to disclose sensitive information from process memory by tricking users into opening malicious files. This local vulnerability requires user interaction but poses a high confidentiality risk with no available patch. Affected organizations should restrict file opening from untrusted sources until Adobe releases a fix.

Adobe Illustrator
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-27268 MEDIUM This Month

Out-of-bounds memory read in Adobe Illustrator 29.8.4, 30.1 and earlier enables local attackers to extract sensitive data from process memory by tricking users into opening crafted files. No patch is currently available for this vulnerability, which requires user interaction but poses a meaningful confidentiality risk to affected users.

Adobe Illustrator
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-27267 HIGH This Week

Arbitrary code execution in Adobe Illustrator 29.8.4 and 30.1 through a stack-based buffer overflow when processing malicious files. Local exploitation requires user interaction to open a crafted document, executing code with the privileges of the current user. No patch is currently available for affected versions.

Buffer Overflow Stack Overflow Adobe Illustrator
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21362 HIGH This Week

Arbitrary code execution in Adobe Illustrator versions 29.8.4 and 30.1 and earlier results from an out-of-bounds write flaw that executes with user privileges. An attacker can achieve code execution by crafting a malicious file that triggers the vulnerability when opened by a victim. No patch is currently available for this high-severity issue.

Adobe Illustrator
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21333 HIGH This Week

Arbitrary code execution in Adobe Illustrator versions 29.8.4 and 30.1 and earlier via an untrusted search path vulnerability allows local attackers to execute malicious code with user privileges. The vulnerability requires a victim to open a specially crafted file, making it exploitable through social engineering or malicious file distribution. No patch is currently available.

Adobe Illustrator
NVD VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-27278 HIGH This Week

Arbitrary code execution in Adobe Acrobat and Acrobat Reader versions 24.001.30307 and earlier stems from a use-after-free memory vulnerability triggered when users open specially crafted files. An attacker can achieve code execution with the privileges of the current user, though exploitation requires victim interaction. No patch is currently available for affected versions.

Use After Free Adobe Acrobat Acrobat Dc Acrobat Reader Dc
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27221 MEDIUM This Month

Improper certificate validation in Adobe Acrobat Reader DC versions 24.001.30307 and earlier allows local attackers to forge digital signatures by spoofing signer identity, bypassing security features that users rely on for document verification. This attack requires user interaction and affects multiple Adobe products including Acrobat DC. No patch is currently available.

Adobe Acrobat Acrobat Dc Acrobat Reader Dc
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-27220 HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader and Acrobat (versions 24.001.30307 and earlier) via a use-after-free vulnerability requires victims to open a malicious file. Local attackers can exploit this to execute code with the privileges of the current user. No patch is currently available.

Use After Free Adobe Acrobat Acrobat Dc Acrobat Reader Dc
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27809 PyPI CRITICAL POC PATCH Act Now

Integer overflow in psd-tools Python library before 1.12.2 when processing malformed RLE-compressed PSD files leads to heap overflow. PoC and patch available.

Denial Of Service Python Adobe Psd Tools
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-24481 NuGet HIGH PATCH This Week

Heap memory disclosure in ImageMagick's PSD file parser allows unauthenticated remote attackers to leak sensitive information from process memory by crafting malicious Photoshop files with improperly compressed layer data. Affected versions prior to 7.1.2-15 and 6.9.13-40 fail to properly validate decompressed data sizes, exposing uninitialized heap contents in generated output images. No patch is currently available for this vulnerability.

Information Disclosure Adobe Imagemagick Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-21358 MEDIUM This Month

InDesign versions 21.1, 20.5.1 and earlier contain a heap buffer overflow that enables local denial-of-service attacks when users open malicious files. An attacker can crash the application to disrupt workflow, though no patch is currently available. User interaction is required for exploitation.

Buffer Overflow Denial Of Service Heap Overflow Adobe Indesign
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21357 HIGH This Week

Arbitrary code execution in Adobe InDesign versions 21.1, 20.5.1, and earlier through a heap buffer overflow vulnerability triggered by opening a malicious file. The vulnerability requires user interaction and executes with the privileges of the current user, with no patch currently available. Local attackers can leverage this to achieve code execution on affected systems.

Buffer Overflow Heap Overflow Adobe Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21332 MEDIUM This Month

Out-of-bounds memory read in Adobe InDesign versions 21.1, 20.5.1 and earlier enables disclosure of sensitive information residing in application memory. Exploitation requires a victim to open a specially crafted malicious file, making this a user-interaction dependent attack vector. No patch is currently available for affected users.

Adobe Indesign
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21304 HIGH This Week

Arbitrary code execution in Adobe InDesign versions 21.0, 19.5.5 and earlier via a heap buffer overflow vulnerability when users open malicious files. The flaw requires user interaction but allows attackers to execute code with the privileges of the current user. No patch is currently available for this high-severity issue.

Buffer Overflow Heap Overflow Adobe Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21288 MEDIUM This Month

Adobe Illustrator versions 29.8.3 and 30.0 and earlier are vulnerable to a null pointer dereference that enables local denial-of-service attacks when users open crafted files. An attacker can crash the application by supplying a malicious file, disrupting workflow for targeted users. No patch is currently available for this vulnerability.

Denial Of Service Null Pointer Dereference Adobe Illustrator
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21280 HIGH This Week

Arbitrary code execution in Adobe Illustrator 29.8.3 and 30.0 through an untrusted search path vulnerability that allows attackers to redirect application resource lookups to malicious executables. Exploitation requires local access and user interaction to open a crafted file, but executes with full user privileges and can affect the entire system. No patch is currently available.

Adobe Illustrator
NVD
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-21278 MEDIUM This Month

Memory disclosure in Adobe InDesign versions 21.0, 19.5.5 and earlier through out-of-bounds read allows attackers to access sensitive information from application memory when users open specially crafted malicious files. This vulnerability requires user interaction to exploit but requires no special privileges to trigger. No patch is currently available for affected versions.

Adobe Indesign
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21277 HIGH This Week

Arbitrary code execution in Adobe InDesign versions 21.0, 19.5.5 and earlier through a heap-based buffer overflow vulnerability triggered by opening a malicious file. Attackers can achieve code execution with the privileges of the affected user, requiring only social engineering to deliver the malicious document. No patch is currently available.

Buffer Overflow Heap Overflow Adobe Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21276 HIGH This Week

Arbitrary code execution in Adobe InDesign versions 21.0, 19.5.5 and earlier through an uninitialized pointer vulnerability that executes with user privileges when a victim opens a crafted file. This local attack requires user interaction but offers no patch availability and affects all current InDesign users.

Adobe Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21275 HIGH This Week

Arbitrary code execution in Adobe InDesign versions 21.0, 19.5.5 and earlier through an uninitialized pointer vulnerability that executes with user privileges when a victim opens a crafted file. The attack requires no special privileges or system access, making it a significant risk for InDesign users who may inadvertently open malicious documents. No patch is currently available.

Adobe Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-64787 LOW Monitor

Improper verification of cryptographic signatures in Adobe Acrobat Reader versions up to 24.001.30264, 20.005.30803, and 25.001.20982 allows local attackers to bypass cryptographic protections and gain limited unauthorized write access to PDF documents. The vulnerability requires user interaction with a malicious or crafted PDF containing an improperly signed element. With a CVSS score of 3.3 and local attack vector, this represents a low-severity security feature bypass affecting document integrity verification.

Authentication Bypass Adobe Jwt Attack
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-64786 LOW Monitor

Improper verification of cryptographic signatures in Adobe Acrobat Reader and Acrobat DC versions up to 24.001.30273, 25.001.20982, and 20.005.30803 allows local attackers to bypass security features and gain limited unauthorized write access to PDF documents. Exploitation requires user interaction with a malicious or specially crafted cryptographic signature embedded in a PDF file. No active exploitation has been confirmed at the time of analysis.

Authentication Bypass Adobe Jwt Attack
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-64785 HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader DC and Acrobat DC (all editions through versions 25.001.20982, 24.001.30273, and 20.005.30803) occurs when malicious files manipulate the application's DLL search path. Attackers achieve full code execution with current user privileges through local attack requiring social engineering to open a crafted PDF or related file. Adobe confirms the vulnerability in security bulletin APSB25-119 with patches released for all affected product lines. EPSS data not provided, but the local vector with required user interaction (AV:L/UI:R) and lack of CISA KEV listing suggest lower probability of widespread automated exploitation compared to remote vulnerabilities, though targeted attacks via phishing remain viable.

RCE Adobe
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-61830 HIGH This Week

Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. Rated high severity (CVSS 7.1), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Authentication Bypass Adobe
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-64174 PHP MEDIUM POC PATCH Monitor

Magento-lts is a long-term support alternative to Magento Community Edition (CE). Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable with low attack complexity. Public exploit code available.

PHP XSS Adobe Magento
NVD GitHub
CVSS 4.0
4.6
EPSS
0.1%
CVE-2025-54196 MEDIUM This Month

Open redirect vulnerability in Adobe Connect 12.9 and earlier allows remote attackers to redirect users to arbitrary websites by crafting malicious links, requiring victim interaction to click the link. The vulnerability has low confidentiality impact with CVSS 4.3 and no confirmed active exploitation or public exploit code at time of analysis.

Open Redirect Adobe Connect
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-49552 HIGH This Week

DOM-based Cross-Site Scripting in Adobe Connect 12.9 and earlier enables session hijacking when high-privileged administrators interact with attacker-crafted pages. Scope change to 'C' indicates the attacker can pivot beyond the vulnerable component's security boundary, allowing privileged session takeover that impacts both confidentiality and integrity at high levels. No active exploitation confirmed per CISA KEV at time of analysis. Adobe has released security advisory APSB25-70 addressing this vulnerability.

XSS Adobe
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-54265 PHP MEDIUM PATCH This Month

Adobe Commerce versions 2.4.9-alpha2 through 2.4.4-p15 are vulnerable to an incorrect authorization flaw that allows remote, unauthenticated attackers to bypass security controls and gain unauthorized read access to sensitive data. The vulnerability requires specific conditions beyond the attacker's control and does not require user interaction, but carries a moderate CVSS score of 5.9 reflecting high confidentiality impact and high attack complexity.

Authentication Bypass Adobe
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-60991 HIGH This Week

A reflected cross-site scripting (XSS) vulnerability in Codazon Magento Themes v1.1.0.0 to v2.4.7 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the cat parameter.

XSS Adobe
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-58669 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modern Minds Magento 2 WordPress Integration allows Stored XSS.4.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

WordPress XSS Adobe
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-54257 HIGH This Month

Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

RCE Denial Of Service Use After Free Memory Corruption Adobe +4
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54255 MEDIUM Monitor

Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 4.0), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Authentication Bypass Adobe Acrobat Acrobat Dc Acrobat Reader +1
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2025-54252 MEDIUM This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-54251 MEDIUM Monitor

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
CVSS 3.1
4.3
EPSS
8.4%
CVE-2025-54250 MEDIUM Monitor

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-54249 MEDIUM This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

SSRF Adobe Experience Manager
NVD
CVSS 3.1
6.5
EPSS
6.3%
CVE-2025-54248 HIGH This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-54247 MEDIUM This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-54246 MEDIUM This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-54236 PHP CRITICAL POC KEV THREAT Emergency

Session hijacking in Adobe Commerce (Magento) 2.4.x through 2.4.9-alpha2 allows remote unauthenticated attackers to take over active user sessions via improper input validation, confirmed actively exploited (CISA KEV). With 73.72% EPSS score (99th percentile) and public exploit code available, this represents a critical, widespread threat to e-commerce platforms. Attackers gain unauthorized access to user accounts including administrative sessions without requiring victim interaction.

Information Disclosure Adobe
NVD
CVSS 3.1
9.1
EPSS
73.7%
Threat
7.0
CVE-2025-42927 LOW Monitor

SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL. Successful exploitation of known vulnerabilities in the outdated OpenSSL library would. Rated low severity (CVSS 3.4), this vulnerability has low attack complexity. No vendor patch available.

Java Information Disclosure OpenSSL SAP Adobe
NVD
CVSS 3.1
3.4
EPSS
0.0%
CVE-2025-47054 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-46998 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-46962 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-46936 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-46932 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-46856 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-46852 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-46849 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-54233 MEDIUM This Month

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Framemaker
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-54232 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

RCE Denial Of Service Use After Free Memory Corruption Adobe +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54231 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

RCE Denial Of Service Use After Free Memory Corruption Adobe +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54230 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

RCE Denial Of Service Use After Free Memory Corruption Adobe +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54229 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

RCE Denial Of Service Use After Free Memory Corruption Adobe +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-49559 PHP MEDIUM PATCH This Month

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Path Traversal Adobe Magento Commerce Commerce B2b
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-49558 PHP MEDIUM PATCH This Month

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable and requires no authentication. No vendor patch available.

Authentication Bypass Adobe Magento Commerce Commerce B2b
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-49557 PHP HIGH PATCH This Month

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

XSS Adobe Magento Commerce Commerce B2b
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-49556 PHP HIGH PATCH This Month

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Authentication Bypass Adobe Magento Commerce Commerce B2b
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-49555 PHP HIGH PATCH This Month

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Information Disclosure CSRF Adobe +3
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-49554 PHP HIGH PATCH This Month

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Denial Of Service Adobe Magento Commerce Commerce B2b
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-54254 HIGH This Month

Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

XXE Adobe Experience Manager Forms
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2025-54253 CRITICAL POC KEV THREAT Emergency

Adobe Experience Manager versions 6.5.23 and earlier contain a misconfiguration vulnerability enabling unauthenticated remote code execution with changed scope (CVSS 10.0).

Authentication Bypass RCE Adobe Experience Manager Forms
NVD
CVSS 3.1
10.0
EPSS
12.8%
CVE-2025-46958 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-47133 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Buffer Overflow Memory Corruption Adobe Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47132 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Buffer Overflow Memory Corruption Adobe Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47131 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Buffer Overflow Heap Overflow Adobe Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47130 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Integer Overflow Adobe Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47129 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Buffer Overflow Memory Corruption Adobe Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47128 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Integer Overflow Adobe Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47127 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Buffer Overflow Memory Corruption Adobe Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47126 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Buffer Overflow Memory Corruption Adobe Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47125 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Buffer Overflow Heap Overflow Adobe Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.0%
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager versions 6.5.23 and earlier enables low-privileged attackers to embed malicious scripts in form fields that execute when legitimate users view the affected pages. An attacker with basic authentication can inject JavaScript that runs in victims' browsers, potentially compromising session data or performing unauthorized actions. No patch is currently available for this vulnerability.

XSS Adobe Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. An attacker with login credentials can compromise victim browsers and potentially steal sensitive information or perform unauthorized actions within the application context. No patch is currently available for this vulnerability.

XSS Adobe Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers with low privileges to inject malicious scripts into form fields, which execute in the browsers of users viewing those pages. The vulnerability requires user interaction and has limited scope of impact, affecting confidentiality and integrity but not availability. No patch is currently available for this medium-severity issue.

XSS Adobe Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. An attacker with low privileges and user interaction can compromise the confidentiality and integrity of victim sessions. No patch is currently available.

XSS Adobe Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. A low-privileged user can exploit this to perform actions in victim browsers or steal sensitive information, though no patch is currently available.

XSS Adobe Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute in victims' browsers when the affected pages are viewed. The vulnerability requires user interaction and is limited to low-impact information disclosure and modification, though it can affect multiple users due to its stored nature. No patch is currently available for this issue.

XSS Adobe Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers with low privileges to inject malicious scripts into form fields, which execute in victims' browsers when they access affected pages. The vulnerability requires user interaction and can result in session hijacking, credential theft, or malware distribution. No patch is currently available.

XSS Adobe Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts into form fields that execute in victims' browsers, potentially leading to session hijacking or credential theft. The vulnerability requires user interaction and is currently unpatched, with no active exploitation reported.

XSS Adobe Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute in users' browsers when the affected pages are accessed. An attacker with login credentials can craft payloads that persist in the application and compromise victim sessions or steal sensitive data. No patch is currently available.

XSS Adobe Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts into form fields that execute in other users' browsers when they access affected pages. An attacker can exploit this to steal session tokens, perform unauthorized actions, or deface content with minimal user interaction required. No patch is currently available for this vulnerability.

XSS Adobe Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields, which execute in victims' browsers when the affected pages are accessed. An attacker with login credentials can exploit this vulnerability to steal session tokens, credentials, or perform actions on behalf of users viewing the compromised forms. No patch is currently available for this vulnerability.

XSS Adobe Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. An attacker with low privileges can exploit this vulnerability to steal session tokens, credentials, or perform actions on behalf of victims through their browsers. No patch is currently available.

XSS Adobe Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts through form fields, which execute in victims' browsers when they view affected pages. The vulnerability requires user interaction and network access but can impact confidentiality and integrity across security domains. No patch is currently available.

XSS Adobe Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Adobe Experience Manager 6.5.23 and earlier contains a stored XSS vulnerability in form fields that allows low-privileged authenticated users to inject malicious scripts affecting other users who view the compromised pages. When a victim browses to a page containing the injected payload, the malicious JavaScript executes in their browser context, potentially enabling session hijacking or credential theft. No patch is currently available.

XSS Adobe Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields, which execute in victims' browsers when they view affected pages. This requires user interaction and an authenticated attacker, but could compromise the confidentiality and integrity of user sessions. No patch is currently available.

XSS Adobe Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier enables authenticated attackers to inject malicious scripts into form fields that execute when users view affected pages. An attacker with login credentials can compromise victim browsers and steal sensitive data or perform actions on their behalf. No patch is currently available.

XSS Adobe Experience Manager
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Illustrator 29.8.4, 30.1 and earlier through an out-of-bounds write vulnerability affecting local users who open malicious files. An attacker can exploit this to execute code with the privileges of the targeted user, requiring only that the victim interact with a crafted document. No patch is currently available for this high-severity vulnerability.

Adobe Illustrator
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Heap buffer overflow in Adobe Illustrator 29.8.4 and 30.1 allows arbitrary code execution under the current user's privileges when opening a malicious file. The vulnerability requires user interaction but carries no patch availability, leaving affected systems at risk. An attacker can achieve code execution by crafting and distributing a malicious document that triggers the memory corruption flaw.

Buffer Overflow Heap Overflow Adobe +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds memory read in Adobe Illustrator 29.8.4 and 30.1 and earlier enables attackers to disclose sensitive information from process memory by tricking users into opening malicious files. This local vulnerability requires user interaction but poses a high confidentiality risk with no available patch. Affected organizations should restrict file opening from untrusted sources until Adobe releases a fix.

Adobe Illustrator
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds memory read in Adobe Illustrator 29.8.4, 30.1 and earlier enables local attackers to extract sensitive data from process memory by tricking users into opening crafted files. No patch is currently available for this vulnerability, which requires user interaction but poses a meaningful confidentiality risk to affected users.

Adobe Illustrator
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Illustrator 29.8.4 and 30.1 through a stack-based buffer overflow when processing malicious files. Local exploitation requires user interaction to open a crafted document, executing code with the privileges of the current user. No patch is currently available for affected versions.

Buffer Overflow Stack Overflow Adobe +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Illustrator versions 29.8.4 and 30.1 and earlier results from an out-of-bounds write flaw that executes with user privileges. An attacker can achieve code execution by crafting a malicious file that triggers the vulnerability when opened by a victim. No patch is currently available for this high-severity issue.

Adobe Illustrator
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Arbitrary code execution in Adobe Illustrator versions 29.8.4 and 30.1 and earlier via an untrusted search path vulnerability allows local attackers to execute malicious code with user privileges. The vulnerability requires a victim to open a specially crafted file, making it exploitable through social engineering or malicious file distribution. No patch is currently available.

Adobe Illustrator
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Acrobat and Acrobat Reader versions 24.001.30307 and earlier stems from a use-after-free memory vulnerability triggered when users open specially crafted files. An attacker can achieve code execution with the privileges of the current user, though exploitation requires victim interaction. No patch is currently available for affected versions.

Use After Free Adobe Acrobat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper certificate validation in Adobe Acrobat Reader DC versions 24.001.30307 and earlier allows local attackers to forge digital signatures by spoofing signer identity, bypassing security features that users rely on for document verification. This attack requires user interaction and affects multiple Adobe products including Acrobat DC. No patch is currently available.

Adobe Acrobat Acrobat Dc +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader and Acrobat (versions 24.001.30307 and earlier) via a use-after-free vulnerability requires victims to open a malicious file. Local attackers can exploit this to execute code with the privileges of the current user. No patch is currently available.

Use After Free Adobe Acrobat +2
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Integer overflow in psd-tools Python library before 1.12.2 when processing malformed RLE-compressed PSD files leads to heap overflow. PoC and patch available.

Denial Of Service Python Adobe +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Heap memory disclosure in ImageMagick's PSD file parser allows unauthenticated remote attackers to leak sensitive information from process memory by crafting malicious Photoshop files with improperly compressed layer data. Affected versions prior to 7.1.2-15 and 6.9.13-40 fail to properly validate decompressed data sizes, exposing uninitialized heap contents in generated output images. No patch is currently available for this vulnerability.

Information Disclosure Adobe Imagemagick +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

InDesign versions 21.1, 20.5.1 and earlier contain a heap buffer overflow that enables local denial-of-service attacks when users open malicious files. An attacker can crash the application to disrupt workflow, though no patch is currently available. User interaction is required for exploitation.

Buffer Overflow Denial Of Service Heap Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign versions 21.1, 20.5.1, and earlier through a heap buffer overflow vulnerability triggered by opening a malicious file. The vulnerability requires user interaction and executes with the privileges of the current user, with no patch currently available. Local attackers can leverage this to achieve code execution on affected systems.

Buffer Overflow Heap Overflow Adobe +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds memory read in Adobe InDesign versions 21.1, 20.5.1 and earlier enables disclosure of sensitive information residing in application memory. Exploitation requires a victim to open a specially crafted malicious file, making this a user-interaction dependent attack vector. No patch is currently available for affected users.

Adobe Indesign
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign versions 21.0, 19.5.5 and earlier via a heap buffer overflow vulnerability when users open malicious files. The flaw requires user interaction but allows attackers to execute code with the privileges of the current user. No patch is currently available for this high-severity issue.

Buffer Overflow Heap Overflow Adobe +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Adobe Illustrator versions 29.8.3 and 30.0 and earlier are vulnerable to a null pointer dereference that enables local denial-of-service attacks when users open crafted files. An attacker can crash the application by supplying a malicious file, disrupting workflow for targeted users. No patch is currently available for this vulnerability.

Denial Of Service Null Pointer Dereference Adobe +1
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Arbitrary code execution in Adobe Illustrator 29.8.3 and 30.0 through an untrusted search path vulnerability that allows attackers to redirect application resource lookups to malicious executables. Exploitation requires local access and user interaction to open a crafted file, but executes with full user privileges and can affect the entire system. No patch is currently available.

Adobe Illustrator
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Memory disclosure in Adobe InDesign versions 21.0, 19.5.5 and earlier through out-of-bounds read allows attackers to access sensitive information from application memory when users open specially crafted malicious files. This vulnerability requires user interaction to exploit but requires no special privileges to trigger. No patch is currently available for affected versions.

Adobe Indesign
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign versions 21.0, 19.5.5 and earlier through a heap-based buffer overflow vulnerability triggered by opening a malicious file. Attackers can achieve code execution with the privileges of the affected user, requiring only social engineering to deliver the malicious document. No patch is currently available.

Buffer Overflow Heap Overflow Adobe +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign versions 21.0, 19.5.5 and earlier through an uninitialized pointer vulnerability that executes with user privileges when a victim opens a crafted file. This local attack requires user interaction but offers no patch availability and affects all current InDesign users.

Adobe Indesign
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign versions 21.0, 19.5.5 and earlier through an uninitialized pointer vulnerability that executes with user privileges when a victim opens a crafted file. The attack requires no special privileges or system access, making it a significant risk for InDesign users who may inadvertently open malicious documents. No patch is currently available.

Adobe Indesign
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper verification of cryptographic signatures in Adobe Acrobat Reader versions up to 24.001.30264, 20.005.30803, and 25.001.20982 allows local attackers to bypass cryptographic protections and gain limited unauthorized write access to PDF documents. The vulnerability requires user interaction with a malicious or crafted PDF containing an improperly signed element. With a CVSS score of 3.3 and local attack vector, this represents a low-severity security feature bypass affecting document integrity verification.

Authentication Bypass Adobe Jwt Attack
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper verification of cryptographic signatures in Adobe Acrobat Reader and Acrobat DC versions up to 24.001.30273, 25.001.20982, and 20.005.30803 allows local attackers to bypass security features and gain limited unauthorized write access to PDF documents. Exploitation requires user interaction with a malicious or specially crafted cryptographic signature embedded in a PDF file. No active exploitation has been confirmed at the time of analysis.

Authentication Bypass Adobe Jwt Attack
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader DC and Acrobat DC (all editions through versions 25.001.20982, 24.001.30273, and 20.005.30803) occurs when malicious files manipulate the application's DLL search path. Attackers achieve full code execution with current user privileges through local attack requiring social engineering to open a crafted PDF or related file. Adobe confirms the vulnerability in security bulletin APSB25-119 with patches released for all affected product lines. EPSS data not provided, but the local vector with required user interaction (AV:L/UI:R) and lack of CISA KEV listing suggest lower probability of widespread automated exploitation compared to remote vulnerabilities, though targeted attacks via phishing remain viable.

RCE Adobe
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. Rated high severity (CVSS 7.1), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Authentication Bypass Adobe
NVD
EPSS 0% CVSS 4.6
MEDIUM POC PATCH Monitor

Magento-lts is a long-term support alternative to Magento Community Edition (CE). Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable with low attack complexity. Public exploit code available.

PHP XSS Adobe +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Open redirect vulnerability in Adobe Connect 12.9 and earlier allows remote attackers to redirect users to arbitrary websites by crafting malicious links, requiring victim interaction to click the link. The vulnerability has low confidentiality impact with CVSS 4.3 and no confirmed active exploitation or public exploit code at time of analysis.

Open Redirect Adobe Connect
NVD
EPSS 0% CVSS 8.1
HIGH This Week

DOM-based Cross-Site Scripting in Adobe Connect 12.9 and earlier enables session hijacking when high-privileged administrators interact with attacker-crafted pages. Scope change to 'C' indicates the attacker can pivot beyond the vulnerable component's security boundary, allowing privileged session takeover that impacts both confidentiality and integrity at high levels. No active exploitation confirmed per CISA KEV at time of analysis. Adobe has released security advisory APSB25-70 addressing this vulnerability.

XSS Adobe
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Adobe Commerce versions 2.4.9-alpha2 through 2.4.4-p15 are vulnerable to an incorrect authorization flaw that allows remote, unauthenticated attackers to bypass security controls and gain unauthorized read access to sensitive data. The vulnerability requires specific conditions beyond the attacker's control and does not require user interaction, but carries a moderate CVSS score of 5.9 reflecting high confidentiality impact and high attack complexity.

Authentication Bypass Adobe
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A reflected cross-site scripting (XSS) vulnerability in Codazon Magento Themes v1.1.0.0 to v2.4.7 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the cat parameter.

XSS Adobe
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modern Minds Magento 2 WordPress Integration allows Stored XSS.4.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

WordPress XSS Adobe
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

RCE Denial Of Service Use After Free +6
NVD
EPSS 0% CVSS 4.0
MEDIUM Monitor

Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 4.0), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Authentication Bypass Adobe Acrobat +3
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
EPSS 8% CVSS 4.3
MEDIUM Monitor

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
EPSS 0% CVSS 4.9
MEDIUM Monitor

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
EPSS 6% CVSS 6.5
MEDIUM This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

SSRF Adobe Experience Manager
NVD
EPSS 0% CVSS 7.7
HIGH This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
EPSS 74% 7.0 CVSS 9.1
CRITICAL POC KEV THREAT Emergency

Session hijacking in Adobe Commerce (Magento) 2.4.x through 2.4.9-alpha2 allows remote unauthenticated attackers to take over active user sessions via improper input validation, confirmed actively exploited (CISA KEV). With 73.72% EPSS score (99th percentile) and public exploit code available, this represents a critical, widespread threat to e-commerce platforms. Attackers gain unauthorized access to user accounts including administrative sessions without requiring victim interaction.

Information Disclosure Adobe
NVD
EPSS 0% CVSS 3.4
LOW Monitor

SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL. Successful exploitation of known vulnerabilities in the outdated OpenSSL library would. Rated low severity (CVSS 3.4), this vulnerability has low attack complexity. No vendor patch available.

Java Information Disclosure OpenSSL +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

RCE Denial Of Service Use After Free +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

RCE Denial Of Service Use After Free +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

RCE Denial Of Service Use After Free +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

RCE Denial Of Service Use After Free +3
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Path Traversal Adobe Magento +2
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable and requires no authentication. No vendor patch available.

Authentication Bypass Adobe Magento +2
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Month

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

XSS Adobe Magento +2
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Month

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Authentication Bypass Adobe Magento +2
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Month

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Information Disclosure +5
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Month

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Denial Of Service Adobe Magento +2
NVD
EPSS 0% CVSS 8.6
HIGH This Month

Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

XXE Adobe Experience Manager Forms
NVD
EPSS 13% CVSS 10.0
CRITICAL POC KEV THREAT Emergency

Adobe Experience Manager versions 6.5.23 and earlier contain a misconfiguration vulnerability enabling unauthenticated remote code execution with changed scope (CVSS 10.0).

Authentication Bypass RCE Adobe +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Buffer Overflow Memory Corruption +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Buffer Overflow Memory Corruption +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Buffer Overflow Heap Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Integer Overflow Adobe +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Buffer Overflow Memory Corruption +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Integer Overflow Adobe +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Buffer Overflow Memory Corruption +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Buffer Overflow Memory Corruption +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Buffer Overflow Heap Overflow +2
NVD