Skip to main content

Adobe

5603 CVEs vendor

Monthly

CVE-2026-21290 HIGH This Week

Stored XSS in Adobe Commerce and Magento versions 2.4.9-alpha3 through 2.4.4-p16 allows authenticated attackers to inject malicious scripts into form fields that execute in victims' browsers, enabling session hijacking and data theft. Exploitation requires user interaction when a victim visits a page containing the compromised field. No patch is currently available.

Adobe XSS Commerce Magento Commerce B2b
NVD VulDB
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-21289 HIGH This Week

Unauthorized data disclosure in Adobe Commerce and Magento B2B versions 2.4.4 through 2.4.9-alpha3 stems from an authorization bypass flaw that allows unauthenticated attackers to view sensitive information without user interaction. The vulnerability exploits improper access controls to circumvent security protections, exposing confidential data to remote threat actors. Currently no patch is available for affected versions.

Adobe Commerce B2b Commerce Magento
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-21286 MEDIUM This Month

Incorrect authorization controls in Adobe Commerce versions 2.4.9-alpha3 through 2.4.4-p16 allow unauthenticated remote attackers to bypass security features and gain unauthorized read access to sensitive data without user interaction. The vulnerability stems from improper access restrictions and could expose confidential information across affected Magento Commerce and Commerce B2B deployments. No patch is currently available to remediate this issue.

Adobe Commerce Magento Commerce B2b
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-21285 MEDIUM This Month

Incorrect authorization controls in Adobe Commerce 2.4.9-alpha3 through 2.4.4-p16 permit low-privileged authenticated users to bypass security features and access restricted functionality without user interaction. The vulnerability stems from improper authorization checks that fail to enforce proper access controls. No patch is currently available for affected versions.

Adobe Magento Commerce Commerce B2b
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-21284 HIGH This Week

Stored XSS in Adobe Commerce versions 2.4.9-alpha3 through 2.4.4-p16 enables high-privileged attackers to inject malicious scripts into form fields, which execute in victim browsers during page visits. An attacker exploiting this vulnerability can achieve session hijacking and compromise both confidentiality and integrity, though successful exploitation requires user interaction and administrative privileges. No patch is currently available.

Adobe XSS Commerce Magento Commerce B2b
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-21282 MEDIUM This Month

Denial-of-service attacks against Adobe Commerce and Magento B2B versions 2.4.4 through 2.4.9-alpha3 are possible through improper input validation that fails to sanitize malicious payloads. An unauthenticated remote attacker can trigger application unavailability by sending specially crafted requests without requiring user interaction. No security patch is currently available for this vulnerability.

Adobe Magento Commerce Commerce B2b
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-27266 MEDIUM This Month

Adobe Experience Manager 6.5.23 and earlier contain a stored XSS vulnerability in form fields that allows low-privileged authenticated users to inject malicious scripts. When victims access pages containing the injected payload, the JavaScript executes in their browser context, potentially leading to session hijacking, credential theft, or other client-side attacks. No patch is currently available for this vulnerability.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27265 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged users to inject malicious scripts into form fields that execute when other users view the affected pages. An attacker can leverage this vulnerability to steal session tokens, credentials, or perform actions on behalf of victims within the AEM environment. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27264 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts into form fields that execute in other users' browsers. An attacker with valid credentials can compromise other users' sessions and steal sensitive data by crafting specially crafted input. Currently no patch is available.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27263 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts into form fields that execute in other users' browsers. An attacker with valid credentials could leverage this vulnerability to steal session tokens, modify page content, or perform actions on behalf of victims who view the compromised forms. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27262 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute in users' browsers when the page is viewed. An attacker with login credentials can craft payloads in vulnerable fields to steal session data or perform actions on behalf of victims. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27261 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers with low privileges to inject malicious scripts into form fields that execute in other users' browsers. An attacker can leverage this to steal session tokens, perform unauthorized actions, or redirect victims to malicious sites when they view compromised pages. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27260 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts through form fields that execute in other users' browsers. An attacker with valid credentials can craft payloads to steal session tokens, redirect users, or perform actions on their behalf when victims view affected pages. No patch is currently available for this vulnerability.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27259 MEDIUM This Month

Adobe Experience Manager 6.5.23 and earlier contain a stored XSS vulnerability in form fields that allows low-privileged authenticated users to inject malicious scripts executed in other users' browsers. An attacker can exploit this to steal credentials, perform unauthorized actions, or deface content when victims access affected pages. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27257 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. This requires low privileges and user interaction, enabling attackers to steal session data or perform actions on behalf of victims within the application context. No patch is currently available.

Adobe XSS
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27256 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. The vulnerability requires low privileges and user interaction, enabling attackers to steal session data or perform actions on behalf of victims. No patch is currently available.

Adobe XSS
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27255 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when users view the compromised pages. The vulnerability requires low privileges and user interaction, enabling attackers to steal session data or perform actions on behalf of victims. No patch is currently available.

Adobe XSS
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27254 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers with low privileges to inject malicious scripts into form fields that execute when other users view the affected pages. An attacker can exploit this vulnerability to steal session tokens, perform unauthorized actions, or redirect users to malicious sites through script execution in victims' browsers. No patch is currently available.

Adobe XSS
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27253 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged attackers to inject malicious scripts into form fields that execute when other users view the affected pages. An attacker with valid credentials can exploit this vulnerability to steal session tokens, perform actions on behalf of victims, or redirect users to malicious sites. No patch is currently available for this vulnerability.

Adobe XSS
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27252 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers with low privileges to inject malicious scripts into form fields that execute in other users' browsers. An attacker can exploit this vulnerability to perform actions on behalf of victims or steal sensitive information when they visit pages containing the compromised fields. No patch is currently available for this vulnerability.

Adobe XSS
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27251 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers with low privileges to inject malicious scripts into form fields that execute in victims' browsers. An attacker can exploit this vulnerability by injecting JavaScript that runs when other users access pages containing the compromised fields, potentially enabling session hijacking, credential theft, or malware distribution. No patch is currently available.

Adobe XSS
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27250 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts into form fields that execute in other users' browsers. An attacker could exploit this to steal session tokens, redirect users, or perform actions on behalf of victims viewing affected pages. No patch is currently available.

Adobe XSS
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27249 MEDIUM This Month

Adobe Experience Manager 6.5.23 and earlier contains a stored XSS vulnerability in form fields that allows low-privileged authenticated users to inject malicious scripts. When victims visit pages containing the injected payload, the attacker's JavaScript executes in their browser, potentially compromising user sessions or stealing sensitive data. No patch is currently available.

Adobe XSS
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27248 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute in other users' browsers. An attacker with low privileges can craft malicious input that persists in the application and compromises confidentiality and integrity for victims who access the affected pages. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27247 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts into form fields that execute in victims' browsers when the contaminated pages are viewed. An attacker with valid credentials can exploit this to steal session tokens, credentials, or perform actions on behalf of affected users. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27244 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when users view the affected pages. A low-privileged user can exploit this to perform actions in the context of other users' browsers, potentially compromising session integrity and enabling credential theft or data exfiltration. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27242 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged attackers to inject malicious scripts into form fields that execute when victims view affected pages. The vulnerability requires user interaction and can result in session hijacking, credential theft, or unauthorized actions performed on behalf of the victim. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27241 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. The vulnerability requires low-level privileges and user interaction to exploit, enabling attackers to steal session data or perform actions on behalf of victims. No patch is currently available for this medium-severity issue.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27240 MEDIUM This Month

Stored XSS in Adobe Experience Manager versions 6.5.23 and earlier enables low-privileged attackers to embed malicious scripts in form fields that execute when legitimate users view the affected pages. An attacker with basic authentication can inject JavaScript that runs in victims' browsers, potentially compromising session data or performing unauthorized actions. No patch is currently available for this vulnerability.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27239 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. An attacker with login credentials can compromise victim browsers and potentially steal sensitive information or perform unauthorized actions within the application context. No patch is currently available for this vulnerability.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27237 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers with low privileges to inject malicious scripts into form fields, which execute in the browsers of users viewing those pages. The vulnerability requires user interaction and has limited scope of impact, affecting confidentiality and integrity but not availability. No patch is currently available for this medium-severity issue.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27236 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. An attacker with low privileges and user interaction can compromise the confidentiality and integrity of victim sessions. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27235 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. A low-privileged user can exploit this to perform actions in victim browsers or steal sensitive information, though no patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27234 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute in victims' browsers when the affected pages are viewed. The vulnerability requires user interaction and is limited to low-impact information disclosure and modification, though it can affect multiple users due to its stored nature. No patch is currently available for this issue.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27233 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers with low privileges to inject malicious scripts into form fields, which execute in victims' browsers when they access affected pages. The vulnerability requires user interaction and can result in session hijacking, credential theft, or malware distribution. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27232 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts into form fields that execute in victims' browsers, potentially leading to session hijacking or credential theft. The vulnerability requires user interaction and is currently unpatched, with no active exploitation reported.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27231 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute in users' browsers when the affected pages are accessed. An attacker with login credentials can craft payloads that persist in the application and compromise victim sessions or steal sensitive data. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27230 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts into form fields that execute in other users' browsers when they access affected pages. An attacker can exploit this to steal session tokens, perform unauthorized actions, or deface content with minimal user interaction required. No patch is currently available for this vulnerability.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27229 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields, which execute in victims' browsers when the affected pages are accessed. An attacker with login credentials can exploit this vulnerability to steal session tokens, credentials, or perform actions on behalf of users viewing the compromised forms. No patch is currently available for this vulnerability.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27228 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. An attacker with low privileges can exploit this vulnerability to steal session tokens, credentials, or perform actions on behalf of victims through their browsers. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27226 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts through form fields, which execute in victims' browsers when they view affected pages. The vulnerability requires user interaction and network access but can impact confidentiality and integrity across security domains. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27225 MEDIUM This Month

Adobe Experience Manager 6.5.23 and earlier contains a stored XSS vulnerability in form fields that allows low-privileged authenticated users to inject malicious scripts affecting other users who view the compromised pages. When a victim browses to a page containing the injected payload, the malicious JavaScript executes in their browser context, potentially enabling session hijacking or credential theft. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27224 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields, which execute in victims' browsers when they view affected pages. This requires user interaction and an authenticated attacker, but could compromise the confidentiality and integrity of user sessions. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27223 MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier enables authenticated attackers to inject malicious scripts into form fields that execute when users view affected pages. An attacker with login credentials can compromise victim browsers and steal sensitive data or perform actions on their behalf. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27272 HIGH This Week

Arbitrary code execution in Adobe Illustrator 29.8.4, 30.1 and earlier through an out-of-bounds write vulnerability affecting local users who open malicious files. An attacker can exploit this to execute code with the privileges of the targeted user, requiring only that the victim interact with a crafted document. No patch is currently available for this high-severity vulnerability.

Adobe Illustrator
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27271 HIGH This Week

Heap buffer overflow in Adobe Illustrator 29.8.4 and 30.1 allows arbitrary code execution under the current user's privileges when opening a malicious file. The vulnerability requires user interaction but carries no patch availability, leaving affected systems at risk. An attacker can achieve code execution by crafting and distributing a malicious document that triggers the memory corruption flaw.

Adobe Buffer Overflow Heap Overflow Illustrator
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27270 MEDIUM This Month

Out-of-bounds memory read in Adobe Illustrator 29.8.4 and 30.1 and earlier enables attackers to disclose sensitive information from process memory by tricking users into opening malicious files. This local vulnerability requires user interaction but poses a high confidentiality risk with no available patch. Affected organizations should restrict file opening from untrusted sources until Adobe releases a fix.

Adobe Illustrator
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-27268 MEDIUM This Month

Out-of-bounds memory read in Adobe Illustrator 29.8.4, 30.1 and earlier enables local attackers to extract sensitive data from process memory by tricking users into opening crafted files. No patch is currently available for this vulnerability, which requires user interaction but poses a meaningful confidentiality risk to affected users.

Adobe Illustrator
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-27267 HIGH This Week

Arbitrary code execution in Adobe Illustrator 29.8.4 and 30.1 through a stack-based buffer overflow when processing malicious files. Local exploitation requires user interaction to open a crafted document, executing code with the privileges of the current user. No patch is currently available for affected versions.

Adobe Buffer Overflow Stack Overflow Illustrator
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21362 HIGH This Week

Arbitrary code execution in Adobe Illustrator versions 29.8.4 and 30.1 and earlier results from an out-of-bounds write flaw that executes with user privileges. An attacker can achieve code execution by crafting a malicious file that triggers the vulnerability when opened by a victim. No patch is currently available for this high-severity issue.

Adobe Illustrator
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21333 HIGH This Week

Arbitrary code execution in Adobe Illustrator versions 29.8.4 and 30.1 and earlier via an untrusted search path vulnerability allows local attackers to execute malicious code with user privileges. The vulnerability requires a victim to open a specially crafted file, making it exploitable through social engineering or malicious file distribution. No patch is currently available.

Adobe Illustrator
NVD VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-27278 HIGH This Week

Arbitrary code execution in Adobe Acrobat and Acrobat Reader versions 24.001.30307 and earlier stems from a use-after-free memory vulnerability triggered when users open specially crafted files. An attacker can achieve code execution with the privileges of the current user, though exploitation requires victim interaction. No patch is currently available for affected versions.

Adobe Use After Free Acrobat Reader Dc Acrobat Acrobat Dc
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27221 MEDIUM This Month

Improper certificate validation in Adobe Acrobat Reader DC versions 24.001.30307 and earlier allows local attackers to forge digital signatures by spoofing signer identity, bypassing security features that users rely on for document verification. This attack requires user interaction and affects multiple Adobe products including Acrobat DC. No patch is currently available.

Adobe Acrobat Dc Acrobat Reader Dc Acrobat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-27220 HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader and Acrobat (versions 24.001.30307 and earlier) via a use-after-free vulnerability requires victims to open a malicious file. Local attackers can exploit this to execute code with the privileges of the current user. No patch is currently available.

Adobe Use After Free Acrobat Reader Dc Acrobat Acrobat Dc
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27809 PyPI CRITICAL POC PATCH Act Now

Integer overflow in psd-tools Python library before 1.12.2 when processing malformed RLE-compressed PSD files leads to heap overflow. PoC and patch available.

Adobe Python Denial Of Service Psd Tools
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-24481 NuGet HIGH PATCH This Week

Heap memory disclosure in ImageMagick's PSD file parser allows unauthenticated remote attackers to leak sensitive information from process memory by crafting malicious Photoshop files with improperly compressed layer data. Affected versions prior to 7.1.2-15 and 6.9.13-40 fail to properly validate decompressed data sizes, exposing uninitialized heap contents in generated output images. No patch is currently available for this vulnerability.

Adobe Information Disclosure Imagemagick Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-21358 MEDIUM This Month

InDesign versions 21.1, 20.5.1 and earlier contain a heap buffer overflow that enables local denial-of-service attacks when users open malicious files. An attacker can crash the application to disrupt workflow, though no patch is currently available. User interaction is required for exploitation.

Adobe Buffer Overflow Heap Overflow Denial Of Service Indesign
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21357 HIGH This Week

Arbitrary code execution in Adobe InDesign versions 21.1, 20.5.1, and earlier through a heap buffer overflow vulnerability triggered by opening a malicious file. The vulnerability requires user interaction and executes with the privileges of the current user, with no patch currently available. Local attackers can leverage this to achieve code execution on affected systems.

Adobe Buffer Overflow Heap Overflow Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21332 MEDIUM This Month

Out-of-bounds memory read in Adobe InDesign versions 21.1, 20.5.1 and earlier enables disclosure of sensitive information residing in application memory. Exploitation requires a victim to open a specially crafted malicious file, making this a user-interaction dependent attack vector. No patch is currently available for affected users.

Adobe Indesign
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21304 HIGH This Week

Arbitrary code execution in Adobe InDesign versions 21.0, 19.5.5 and earlier via a heap buffer overflow vulnerability when users open malicious files. The flaw requires user interaction but allows attackers to execute code with the privileges of the current user. No patch is currently available for this high-severity issue.

Adobe Buffer Overflow Heap Overflow Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21288 MEDIUM This Month

Adobe Illustrator versions 29.8.3 and 30.0 and earlier are vulnerable to a null pointer dereference that enables local denial-of-service attacks when users open crafted files. An attacker can crash the application by supplying a malicious file, disrupting workflow for targeted users. No patch is currently available for this vulnerability.

Adobe Null Pointer Dereference Denial Of Service Illustrator
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21280 HIGH This Week

Arbitrary code execution in Adobe Illustrator 29.8.3 and 30.0 through an untrusted search path vulnerability that allows attackers to redirect application resource lookups to malicious executables. Exploitation requires local access and user interaction to open a crafted file, but executes with full user privileges and can affect the entire system. No patch is currently available.

Adobe Illustrator
NVD
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-21278 MEDIUM This Month

Memory disclosure in Adobe InDesign versions 21.0, 19.5.5 and earlier through out-of-bounds read allows attackers to access sensitive information from application memory when users open specially crafted malicious files. This vulnerability requires user interaction to exploit but requires no special privileges to trigger. No patch is currently available for affected versions.

Adobe Indesign
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21277 HIGH This Week

Arbitrary code execution in Adobe InDesign versions 21.0, 19.5.5 and earlier through a heap-based buffer overflow vulnerability triggered by opening a malicious file. Attackers can achieve code execution with the privileges of the affected user, requiring only social engineering to deliver the malicious document. No patch is currently available.

Adobe Buffer Overflow Heap Overflow Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21276 HIGH This Week

Arbitrary code execution in Adobe InDesign versions 21.0, 19.5.5 and earlier through an uninitialized pointer vulnerability that executes with user privileges when a victim opens a crafted file. This local attack requires user interaction but offers no patch availability and affects all current InDesign users.

Adobe Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21275 HIGH This Week

Arbitrary code execution in Adobe InDesign versions 21.0, 19.5.5 and earlier through an uninitialized pointer vulnerability that executes with user privileges when a victim opens a crafted file. The attack requires no special privileges or system access, making it a significant risk for InDesign users who may inadvertently open malicious documents. No patch is currently available.

Adobe Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-64787 LOW Monitor

Improper verification of cryptographic signatures in Adobe Acrobat Reader versions up to 24.001.30264, 20.005.30803, and 25.001.20982 allows local attackers to bypass cryptographic protections and gain limited unauthorized write access to PDF documents. The vulnerability requires user interaction with a malicious or crafted PDF containing an improperly signed element. With a CVSS score of 3.3 and local attack vector, this represents a low-severity security feature bypass affecting document integrity verification.

Jwt Attack Authentication Bypass Adobe
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-64786 LOW Monitor

Improper verification of cryptographic signatures in Adobe Acrobat Reader and Acrobat DC versions up to 24.001.30273, 25.001.20982, and 20.005.30803 allows local attackers to bypass security features and gain limited unauthorized write access to PDF documents. Exploitation requires user interaction with a malicious or specially crafted cryptographic signature embedded in a PDF file. No active exploitation has been confirmed at the time of analysis.

Jwt Attack Authentication Bypass Adobe
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-64785 HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader DC and Acrobat DC (all editions through versions 25.001.20982, 24.001.30273, and 20.005.30803) occurs when malicious files manipulate the application's DLL search path. Attackers achieve full code execution with current user privileges through local attack requiring social engineering to open a crafted PDF or related file. Adobe confirms the vulnerability in security bulletin APSB25-119 with patches released for all affected product lines. EPSS data not provided, but the local vector with required user interaction (AV:L/UI:R) and lack of CISA KEV listing suggest lower probability of widespread automated exploitation compared to remote vulnerabilities, though targeted attacks via phishing remain viable.

RCE Adobe
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-61830 HIGH This Week

Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-64174 PHP MEDIUM POC PATCH Monitor

Magento-lts is a long-term support alternative to Magento Community Edition (CE). Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Adobe Magento
NVD GitHub
CVSS 4.0
4.6
EPSS
0.1%
CVE-2025-54196 MEDIUM This Month

Open redirect vulnerability in Adobe Connect 12.9 and earlier allows remote attackers to redirect users to arbitrary websites by crafting malicious links, requiring victim interaction to click the link. The vulnerability has low confidentiality impact with CVSS 4.3 and no confirmed active exploitation or public exploit code at time of analysis.

Open Redirect Adobe Connect
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-49552 HIGH This Week

DOM-based Cross-Site Scripting in Adobe Connect 12.9 and earlier enables session hijacking when high-privileged administrators interact with attacker-crafted pages. Scope change to 'C' indicates the attacker can pivot beyond the vulnerable component's security boundary, allowing privileged session takeover that impacts both confidentiality and integrity at high levels. No active exploitation confirmed per CISA KEV at time of analysis. Adobe has released security advisory APSB25-70 addressing this vulnerability.

XSS Adobe
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-54265 PHP MEDIUM PATCH This Month

Adobe Commerce versions 2.4.9-alpha2 through 2.4.4-p15 are vulnerable to an incorrect authorization flaw that allows remote, unauthenticated attackers to bypass security controls and gain unauthorized read access to sensitive data. The vulnerability requires specific conditions beyond the attacker's control and does not require user interaction, but carries a moderate CVSS score of 5.9 reflecting high confidentiality impact and high attack complexity.

Authentication Bypass Adobe
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-60991 HIGH This Week

A reflected cross-site scripted (XSS) vulnerability in Codazon Magento Themes v1.1.0.0 to v2.4.7 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload injected into the cat parameter.

Adobe XSS
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-58669 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modern Minds Magento 2 WordPress Integration allows Stored XSS.4.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Adobe XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-54257 HIGH This Month

Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Adobe Denial Of Service +4
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54255 MEDIUM Monitor

Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Acrobat Acrobat Dc Acrobat Reader Dc +1
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2025-54252 MEDIUM This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-54251 MEDIUM POC This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
CVSS 3.1
4.3
EPSS
8.4%
CVE-2025-54250 MEDIUM Monitor

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-54249 MEDIUM POC This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe SSRF Experience Manager
NVD
CVSS 3.1
6.5
EPSS
6.3%
CVE-2025-54248 HIGH This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-54247 MEDIUM This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-54246 MEDIUM This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-54236 PHP CRITICAL POC KEV THREAT Emergency

Session hijacking in Adobe Commerce (Magento) 2.4.x through 2.4.9-alpha2 allows remote unauthenticated attackers to take over active user sessions via improper input validation, confirmed actively exploited (CISA KEV). With 73.72% EPSS score (99th percentile) and public exploit code available, this represents a critical, widespread threat to e-commerce platforms. Attackers gain unauthorized access to user accounts including administrative sessions without requiring victim interaction.

Adobe Information Disclosure
NVD
CVSS 3.1
9.1
EPSS
73.7%
Threat
7.0
CVE-2025-42927 LOW Monitor

SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL.Successful exploitation of known vulnerabilities in the outdated OpenSSL library would. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Java Adobe OpenSSL SAP Information Disclosure
NVD
CVSS 3.1
3.4
EPSS
0.0%
CVE-2025-47054 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-46998 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-46962 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
EPSS 0% CVSS 8.7
HIGH This Week

Stored XSS in Adobe Commerce and Magento versions 2.4.9-alpha3 through 2.4.4-p16 allows authenticated attackers to inject malicious scripts into form fields that execute in victims' browsers, enabling session hijacking and data theft. Exploitation requires user interaction when a victim visits a page containing the compromised field. No patch is currently available.

Adobe XSS Commerce +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Unauthorized data disclosure in Adobe Commerce and Magento B2B versions 2.4.4 through 2.4.9-alpha3 stems from an authorization bypass flaw that allows unauthenticated attackers to view sensitive information without user interaction. The vulnerability exploits improper access controls to circumvent security protections, exposing confidential data to remote threat actors. Currently no patch is available for affected versions.

Adobe Commerce B2b Commerce +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Incorrect authorization controls in Adobe Commerce versions 2.4.9-alpha3 through 2.4.4-p16 allow unauthenticated remote attackers to bypass security features and gain unauthorized read access to sensitive data without user interaction. The vulnerability stems from improper access restrictions and could expose confidential information across affected Magento Commerce and Commerce B2B deployments. No patch is currently available to remediate this issue.

Adobe Commerce Magento +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Incorrect authorization controls in Adobe Commerce 2.4.9-alpha3 through 2.4.4-p16 permit low-privileged authenticated users to bypass security features and access restricted functionality without user interaction. The vulnerability stems from improper authorization checks that fail to enforce proper access controls. No patch is currently available for affected versions.

Adobe Magento Commerce +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH This Week

Stored XSS in Adobe Commerce versions 2.4.9-alpha3 through 2.4.4-p16 enables high-privileged attackers to inject malicious scripts into form fields, which execute in victim browsers during page visits. An attacker exploiting this vulnerability can achieve session hijacking and compromise both confidentiality and integrity, though successful exploitation requires user interaction and administrative privileges. No patch is currently available.

Adobe XSS Commerce +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Denial-of-service attacks against Adobe Commerce and Magento B2B versions 2.4.4 through 2.4.9-alpha3 are possible through improper input validation that fails to sanitize malicious payloads. An unauthenticated remote attacker can trigger application unavailability by sending specially crafted requests without requiring user interaction. No security patch is currently available for this vulnerability.

Adobe Magento Commerce +1
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Adobe Experience Manager 6.5.23 and earlier contain a stored XSS vulnerability in form fields that allows low-privileged authenticated users to inject malicious scripts. When victims access pages containing the injected payload, the JavaScript executes in their browser context, potentially leading to session hijacking, credential theft, or other client-side attacks. No patch is currently available for this vulnerability.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged users to inject malicious scripts into form fields that execute when other users view the affected pages. An attacker can leverage this vulnerability to steal session tokens, credentials, or perform actions on behalf of victims within the AEM environment. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts into form fields that execute in other users' browsers. An attacker with valid credentials can compromise other users' sessions and steal sensitive data by crafting specially crafted input. Currently no patch is available.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts into form fields that execute in other users' browsers. An attacker with valid credentials could leverage this vulnerability to steal session tokens, modify page content, or perform actions on behalf of victims who view the compromised forms. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute in users' browsers when the page is viewed. An attacker with login credentials can craft payloads in vulnerable fields to steal session data or perform actions on behalf of victims. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers with low privileges to inject malicious scripts into form fields that execute in other users' browsers. An attacker can leverage this to steal session tokens, perform unauthorized actions, or redirect victims to malicious sites when they view compromised pages. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts through form fields that execute in other users' browsers. An attacker with valid credentials can craft payloads to steal session tokens, redirect users, or perform actions on their behalf when victims view affected pages. No patch is currently available for this vulnerability.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Adobe Experience Manager 6.5.23 and earlier contain a stored XSS vulnerability in form fields that allows low-privileged authenticated users to inject malicious scripts executed in other users' browsers. An attacker can exploit this to steal credentials, perform unauthorized actions, or deface content when victims access affected pages. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. This requires low privileges and user interaction, enabling attackers to steal session data or perform actions on behalf of victims within the application context. No patch is currently available.

Adobe XSS
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. The vulnerability requires low privileges and user interaction, enabling attackers to steal session data or perform actions on behalf of victims. No patch is currently available.

Adobe XSS
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when users view the compromised pages. The vulnerability requires low privileges and user interaction, enabling attackers to steal session data or perform actions on behalf of victims. No patch is currently available.

Adobe XSS
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers with low privileges to inject malicious scripts into form fields that execute when other users view the affected pages. An attacker can exploit this vulnerability to steal session tokens, perform unauthorized actions, or redirect users to malicious sites through script execution in victims' browsers. No patch is currently available.

Adobe XSS
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged attackers to inject malicious scripts into form fields that execute when other users view the affected pages. An attacker with valid credentials can exploit this vulnerability to steal session tokens, perform actions on behalf of victims, or redirect users to malicious sites. No patch is currently available for this vulnerability.

Adobe XSS
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers with low privileges to inject malicious scripts into form fields that execute in other users' browsers. An attacker can exploit this vulnerability to perform actions on behalf of victims or steal sensitive information when they visit pages containing the compromised fields. No patch is currently available for this vulnerability.

Adobe XSS
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers with low privileges to inject malicious scripts into form fields that execute in victims' browsers. An attacker can exploit this vulnerability by injecting JavaScript that runs when other users access pages containing the compromised fields, potentially enabling session hijacking, credential theft, or malware distribution. No patch is currently available.

Adobe XSS
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts into form fields that execute in other users' browsers. An attacker could exploit this to steal session tokens, redirect users, or perform actions on behalf of victims viewing affected pages. No patch is currently available.

Adobe XSS
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Adobe Experience Manager 6.5.23 and earlier contains a stored XSS vulnerability in form fields that allows low-privileged authenticated users to inject malicious scripts. When victims visit pages containing the injected payload, the attacker's JavaScript executes in their browser, potentially compromising user sessions or stealing sensitive data. No patch is currently available.

Adobe XSS
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute in other users' browsers. An attacker with low privileges can craft malicious input that persists in the application and compromises confidentiality and integrity for victims who access the affected pages. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts into form fields that execute in victims' browsers when the contaminated pages are viewed. An attacker with valid credentials can exploit this to steal session tokens, credentials, or perform actions on behalf of affected users. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when users view the affected pages. A low-privileged user can exploit this to perform actions in the context of other users' browsers, potentially compromising session integrity and enabling credential theft or data exfiltration. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged attackers to inject malicious scripts into form fields that execute when victims view affected pages. The vulnerability requires user interaction and can result in session hijacking, credential theft, or unauthorized actions performed on behalf of the victim. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. The vulnerability requires low-level privileges and user interaction to exploit, enabling attackers to steal session data or perform actions on behalf of victims. No patch is currently available for this medium-severity issue.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager versions 6.5.23 and earlier enables low-privileged attackers to embed malicious scripts in form fields that execute when legitimate users view the affected pages. An attacker with basic authentication can inject JavaScript that runs in victims' browsers, potentially compromising session data or performing unauthorized actions. No patch is currently available for this vulnerability.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. An attacker with login credentials can compromise victim browsers and potentially steal sensitive information or perform unauthorized actions within the application context. No patch is currently available for this vulnerability.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers with low privileges to inject malicious scripts into form fields, which execute in the browsers of users viewing those pages. The vulnerability requires user interaction and has limited scope of impact, affecting confidentiality and integrity but not availability. No patch is currently available for this medium-severity issue.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. An attacker with low privileges and user interaction can compromise the confidentiality and integrity of victim sessions. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. A low-privileged user can exploit this to perform actions in victim browsers or steal sensitive information, though no patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute in victims' browsers when the affected pages are viewed. The vulnerability requires user interaction and is limited to low-impact information disclosure and modification, though it can affect multiple users due to its stored nature. No patch is currently available for this issue.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers with low privileges to inject malicious scripts into form fields, which execute in victims' browsers when they access affected pages. The vulnerability requires user interaction and can result in session hijacking, credential theft, or malware distribution. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts into form fields that execute in victims' browsers, potentially leading to session hijacking or credential theft. The vulnerability requires user interaction and is currently unpatched, with no active exploitation reported.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute in users' browsers when the affected pages are accessed. An attacker with login credentials can craft payloads that persist in the application and compromise victim sessions or steal sensitive data. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts into form fields that execute in other users' browsers when they access affected pages. An attacker can exploit this to steal session tokens, perform unauthorized actions, or deface content with minimal user interaction required. No patch is currently available for this vulnerability.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields, which execute in victims' browsers when the affected pages are accessed. An attacker with login credentials can exploit this vulnerability to steal session tokens, credentials, or perform actions on behalf of users viewing the compromised forms. No patch is currently available for this vulnerability.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. An attacker with low privileges can exploit this vulnerability to steal session tokens, credentials, or perform actions on behalf of victims through their browsers. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts through form fields, which execute in victims' browsers when they view affected pages. The vulnerability requires user interaction and network access but can impact confidentiality and integrity across security domains. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Adobe Experience Manager 6.5.23 and earlier contains a stored XSS vulnerability in form fields that allows low-privileged authenticated users to inject malicious scripts affecting other users who view the compromised pages. When a victim browses to a page containing the injected payload, the malicious JavaScript executes in their browser context, potentially enabling session hijacking or credential theft. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields, which execute in victims' browsers when they view affected pages. This requires user interaction and an authenticated attacker, but could compromise the confidentiality and integrity of user sessions. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS in Adobe Experience Manager 6.5.23 and earlier enables authenticated attackers to inject malicious scripts into form fields that execute when users view affected pages. An attacker with login credentials can compromise victim browsers and steal sensitive data or perform actions on their behalf. No patch is currently available.

Adobe XSS Experience Manager
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Illustrator 29.8.4, 30.1 and earlier through an out-of-bounds write vulnerability affecting local users who open malicious files. An attacker can exploit this to execute code with the privileges of the targeted user, requiring only that the victim interact with a crafted document. No patch is currently available for this high-severity vulnerability.

Adobe Illustrator
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Heap buffer overflow in Adobe Illustrator 29.8.4 and 30.1 allows arbitrary code execution under the current user's privileges when opening a malicious file. The vulnerability requires user interaction but carries no patch availability, leaving affected systems at risk. An attacker can achieve code execution by crafting and distributing a malicious document that triggers the memory corruption flaw.

Adobe Buffer Overflow Heap Overflow +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds memory read in Adobe Illustrator 29.8.4 and 30.1 and earlier enables attackers to disclose sensitive information from process memory by tricking users into opening malicious files. This local vulnerability requires user interaction but poses a high confidentiality risk with no available patch. Affected organizations should restrict file opening from untrusted sources until Adobe releases a fix.

Adobe Illustrator
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds memory read in Adobe Illustrator 29.8.4, 30.1 and earlier enables local attackers to extract sensitive data from process memory by tricking users into opening crafted files. No patch is currently available for this vulnerability, which requires user interaction but poses a meaningful confidentiality risk to affected users.

Adobe Illustrator
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Illustrator 29.8.4 and 30.1 through a stack-based buffer overflow when processing malicious files. Local exploitation requires user interaction to open a crafted document, executing code with the privileges of the current user. No patch is currently available for affected versions.

Adobe Buffer Overflow Stack Overflow +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Illustrator versions 29.8.4 and 30.1 and earlier results from an out-of-bounds write flaw that executes with user privileges. An attacker can achieve code execution by crafting a malicious file that triggers the vulnerability when opened by a victim. No patch is currently available for this high-severity issue.

Adobe Illustrator
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Arbitrary code execution in Adobe Illustrator versions 29.8.4 and 30.1 and earlier via an untrusted search path vulnerability allows local attackers to execute malicious code with user privileges. The vulnerability requires a victim to open a specially crafted file, making it exploitable through social engineering or malicious file distribution. No patch is currently available.

Adobe Illustrator
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Acrobat and Acrobat Reader versions 24.001.30307 and earlier stems from a use-after-free memory vulnerability triggered when users open specially crafted files. An attacker can achieve code execution with the privileges of the current user, though exploitation requires victim interaction. No patch is currently available for affected versions.

Adobe Use After Free Acrobat Reader Dc +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper certificate validation in Adobe Acrobat Reader DC versions 24.001.30307 and earlier allows local attackers to forge digital signatures by spoofing signer identity, bypassing security features that users rely on for document verification. This attack requires user interaction and affects multiple Adobe products including Acrobat DC. No patch is currently available.

Adobe Acrobat Dc Acrobat Reader Dc +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader and Acrobat (versions 24.001.30307 and earlier) via a use-after-free vulnerability requires victims to open a malicious file. Local attackers can exploit this to execute code with the privileges of the current user. No patch is currently available.

Adobe Use After Free Acrobat Reader Dc +2
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Integer overflow in psd-tools Python library before 1.12.2 when processing malformed RLE-compressed PSD files leads to heap overflow. PoC and patch available.

Adobe Python Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Heap memory disclosure in ImageMagick's PSD file parser allows unauthenticated remote attackers to leak sensitive information from process memory by crafting malicious Photoshop files with improperly compressed layer data. Affected versions prior to 7.1.2-15 and 6.9.13-40 fail to properly validate decompressed data sizes, exposing uninitialized heap contents in generated output images. No patch is currently available for this vulnerability.

Adobe Information Disclosure Imagemagick +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

InDesign versions 21.1, 20.5.1 and earlier contain a heap buffer overflow that enables local denial-of-service attacks when users open malicious files. An attacker can crash the application to disrupt workflow, though no patch is currently available. User interaction is required for exploitation.

Adobe Buffer Overflow Heap Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign versions 21.1, 20.5.1, and earlier through a heap buffer overflow vulnerability triggered by opening a malicious file. The vulnerability requires user interaction and executes with the privileges of the current user, with no patch currently available. Local attackers can leverage this to achieve code execution on affected systems.

Adobe Buffer Overflow Heap Overflow +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds memory read in Adobe InDesign versions 21.1, 20.5.1 and earlier enables disclosure of sensitive information residing in application memory. Exploitation requires a victim to open a specially crafted malicious file, making this a user-interaction dependent attack vector. No patch is currently available for affected users.

Adobe Indesign
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign versions 21.0, 19.5.5 and earlier via a heap buffer overflow vulnerability when users open malicious files. The flaw requires user interaction but allows attackers to execute code with the privileges of the current user. No patch is currently available for this high-severity issue.

Adobe Buffer Overflow Heap Overflow +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Adobe Illustrator versions 29.8.3 and 30.0 and earlier are vulnerable to a null pointer dereference that enables local denial-of-service attacks when users open crafted files. An attacker can crash the application by supplying a malicious file, disrupting workflow for targeted users. No patch is currently available for this vulnerability.

Adobe Null Pointer Dereference Denial Of Service +1
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Arbitrary code execution in Adobe Illustrator 29.8.3 and 30.0 through an untrusted search path vulnerability that allows attackers to redirect application resource lookups to malicious executables. Exploitation requires local access and user interaction to open a crafted file, but executes with full user privileges and can affect the entire system. No patch is currently available.

Adobe Illustrator
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Memory disclosure in Adobe InDesign versions 21.0, 19.5.5 and earlier through out-of-bounds read allows attackers to access sensitive information from application memory when users open specially crafted malicious files. This vulnerability requires user interaction to exploit but requires no special privileges to trigger. No patch is currently available for affected versions.

Adobe Indesign
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign versions 21.0, 19.5.5 and earlier through a heap-based buffer overflow vulnerability triggered by opening a malicious file. Attackers can achieve code execution with the privileges of the affected user, requiring only social engineering to deliver the malicious document. No patch is currently available.

Adobe Buffer Overflow Heap Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign versions 21.0, 19.5.5 and earlier through an uninitialized pointer vulnerability that executes with user privileges when a victim opens a crafted file. This local attack requires user interaction but offers no patch availability and affects all current InDesign users.

Adobe Indesign
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign versions 21.0, 19.5.5 and earlier through an uninitialized pointer vulnerability that executes with user privileges when a victim opens a crafted file. The attack requires no special privileges or system access, making it a significant risk for InDesign users who may inadvertently open malicious documents. No patch is currently available.

Adobe Indesign
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper verification of cryptographic signatures in Adobe Acrobat Reader versions up to 24.001.30264, 20.005.30803, and 25.001.20982 allows local attackers to bypass cryptographic protections and gain limited unauthorized write access to PDF documents. The vulnerability requires user interaction with a malicious or crafted PDF containing an improperly signed element. With a CVSS score of 3.3 and local attack vector, this represents a low-severity security feature bypass affecting document integrity verification.

Jwt Attack Authentication Bypass Adobe
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper verification of cryptographic signatures in Adobe Acrobat Reader and Acrobat DC versions up to 24.001.30273, 25.001.20982, and 20.005.30803 allows local attackers to bypass security features and gain limited unauthorized write access to PDF documents. Exploitation requires user interaction with a malicious or specially crafted cryptographic signature embedded in a PDF file. No active exploitation has been confirmed at the time of analysis.

Jwt Attack Authentication Bypass Adobe
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader DC and Acrobat DC (all editions through versions 25.001.20982, 24.001.30273, and 20.005.30803) occurs when malicious files manipulate the application's DLL search path. Attackers achieve full code execution with current user privileges through local attack requiring social engineering to open a crafted PDF or related file. Adobe confirms the vulnerability in security bulletin APSB25-119 with patches released for all affected product lines. EPSS data not provided, but the local vector with required user interaction (AV:L/UI:R) and lack of CISA KEV listing suggest lower probability of widespread automated exploitation compared to remote vulnerabilities, though targeted attacks via phishing remain viable.

RCE Adobe
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe
NVD
EPSS 0% CVSS 4.6
MEDIUM POC PATCH Monitor

Magento-lts is a long-term support alternative to Magento Community Edition (CE). Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Adobe +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Open redirect vulnerability in Adobe Connect 12.9 and earlier allows remote attackers to redirect users to arbitrary websites by crafting malicious links, requiring victim interaction to click the link. The vulnerability has low confidentiality impact with CVSS 4.3 and no confirmed active exploitation or public exploit code at time of analysis.

Open Redirect Adobe Connect
NVD
EPSS 0% CVSS 8.1
HIGH This Week

DOM-based Cross-Site Scripting in Adobe Connect 12.9 and earlier enables session hijacking when high-privileged administrators interact with attacker-crafted pages. Scope change to 'C' indicates the attacker can pivot beyond the vulnerable component's security boundary, allowing privileged session takeover that impacts both confidentiality and integrity at high levels. No active exploitation confirmed per CISA KEV at time of analysis. Adobe has released security advisory APSB25-70 addressing this vulnerability.

XSS Adobe
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Adobe Commerce versions 2.4.9-alpha2 through 2.4.4-p15 are vulnerable to an incorrect authorization flaw that allows remote, unauthenticated attackers to bypass security controls and gain unauthorized read access to sensitive data. The vulnerability requires specific conditions beyond the attacker's control and does not require user interaction, but carries a moderate CVSS score of 5.9 reflecting high confidentiality impact and high attack complexity.

Authentication Bypass Adobe
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A reflected cross-site scripted (XSS) vulnerability in Codazon Magento Themes v1.1.0.0 to v2.4.7 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload injected into the cat parameter.

Adobe XSS
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modern Minds Magento 2 WordPress Integration allows Stored XSS.4.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Adobe XSS
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free +6
NVD
EPSS 0% CVSS 4.0
MEDIUM Monitor

Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Acrobat +3
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
EPSS 8% CVSS 4.3
MEDIUM POC This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
EPSS 0% CVSS 4.9
MEDIUM Monitor

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
EPSS 6% CVSS 6.5
MEDIUM POC This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe SSRF Experience Manager
NVD
EPSS 0% CVSS 7.7
HIGH This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
EPSS 74% 7.0 CVSS 9.1
CRITICAL POC KEV THREAT Emergency

Session hijacking in Adobe Commerce (Magento) 2.4.x through 2.4.9-alpha2 allows remote unauthenticated attackers to take over active user sessions via improper input validation, confirmed actively exploited (CISA KEV). With 73.72% EPSS score (99th percentile) and public exploit code available, this represents a critical, widespread threat to e-commerce platforms. Attackers gain unauthorized access to user accounts including administrative sessions without requiring victim interaction.

Adobe Information Disclosure
NVD
EPSS 0% CVSS 3.4
LOW Monitor

SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL.Successful exploitation of known vulnerabilities in the outdated OpenSSL library would. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Java Adobe OpenSSL +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
Prev Page 3 of 63 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy