| Metric | Value |
|---|---|
| CVEs | 80 |
| Critical | 1 |
| High | 21 |
| KEV | 0 |
| PoC | 2 |
| Unpatched C/H | 20 |
| Patch Rate | 2.5% |
| Avg EPSS | 0.0% |

Severity Breakdown

| Severity | CVEs |
|---|---|
| CRITICAL | 1 |
| HIGH | 21 |
| MEDIUM | 57 |
| LOW | 1 |

Affected Products (30)

| Product | Count |
|---|---|
| Experience Manager | 281 |
| Commerce B2b | 66 |
| Magento | 57 |
| Commerce | 56 |
| Framemaker | 30 |
| Use After Free | 17 |
| Acrobat Reader Dc | 15 |
| Acrobat | 15 |
| Acrobat Dc | 15 |
| Memory Corruption | 14 |
| Indesign | 13 |
| Heap Overflow | 12 |
| Acrobat Reader | 12 |
| Illustrator | 9 |
| Pdf Tools | 7 |
| Pdf Xchange Editor | 7 |
| Substance 3d Stager | 6 |
| Null Pointer Dereference | 5 |
| Connect | 5 |
| Integer Overflow | 4 |
| PHP | 3 |
| Stack Overflow | 3 |
| Incopy | 2 |
| Deserialization | 2 |
| Pdf Xchange Pro | 2 |
| Experience Manager Forms | 2 |
| OpenSSL | 1 |
| Substance 3d Sampler | 1 |
| Open Redirect | 1 |
| Prototype Pollution | 1 |

Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-27809 | Integer overflow in psd-tools Python library before 1.12.2 when processing malformed RLE-compressed PSD files leads to heap overflow. PoC and patch available. | CRITICAL | 9.1 | 0.0% | 66 | PoC |
| CVE-2026-21290 | Stored XSS in Adobe Commerce and Magento versions 2.4.9-alpha3 through 2.4.4-p16 allows authenticated attackers to inject malicious scripts into form fields that execute in victims' browsers, enabling session hijacking and data theft. Exploitation requires user interaction when a victim visits a page containing the compromised field. No patch is currently available. | HIGH | 8.7 | 0.0% | 44 | No patch |
| CVE-2026-34621 | Prototype pollution in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier enables arbitrary code execution in user context via malicious PDF files. Attack requires user interaction to open a crafted document. CVSS 9.6 (Critical) reflects network-deliverable code execution with scope change, though EPSS 0.24% (46th percentile) suggests moderate real-world exploitation probability. No public exploit identified at time of analysis. | HIGH | 8.6 | 0.2% | 43 | PoC, No patch |
| CVE-2026-21280 | Arbitrary code execution in Adobe Illustrator 29.8.3 and 30.0 through an untrusted search path vulnerability that allows attackers to redirect application resource lookups to malicious executables. Exploitation requires local access and user interaction to open a crafted file, but executes with full user privileges and can affect the entire system. No patch is currently available. | HIGH | 8.6 | 0.0% | 43 | No patch |
| CVE-2026-21333 | Arbitrary code execution in Adobe Illustrator versions 29.8.4 and 30.1 and earlier via an untrusted search path vulnerability allows local attackers to execute malicious code with user privileges. The vulnerability requires a victim to open a specially crafted file, making it exploitable through social engineering or malicious file distribution. No patch is currently available. | HIGH | 8.6 | 0.0% | 43 | No patch |
| CVE-2026-21284 | Stored XSS in Adobe Commerce versions 2.4.9-alpha3 through 2.4.4-p16 enables high-privileged attackers to inject malicious scripts into form fields, which execute in victim browsers during page visits. An attacker exploiting this vulnerability can achieve session hijacking and compromise both confidentiality and integrity, though successful exploitation requires user interaction and administrative privileges. No patch is currently available. | HIGH | 8.1 | 0.1% | 41 | No patch |
| CVE-2026-21361 | Stored XSS in Adobe Commerce versions 2.4.9-alpha3 through 2.4.4-p16 allows high-privileged attackers to inject malicious scripts into form fields, which execute when victims visit the affected pages. Successful exploitation enables session hijacking and compromise of user confidentiality and integrity, though user interaction is required for the attack to succeed. No patch is currently available for this vulnerability. | HIGH | 8.1 | 0.1% | 41 | No patch |
| CVE-2026-21311 | Stored XSS in Adobe Commerce versions 2.4.9-alpha3 through 2.4.4-p16 allows privileged attackers to inject malicious scripts into form fields that execute in victims' browsers, enabling session hijacking and credential theft. Exploitation requires user interaction and a high-privileged attacker account, but successful attacks compromise both confidentiality and integrity. No patch is currently available for affected versions. | HIGH | 8.0 | 0.1% | 40 | No patch |
| CVE-2026-27220 | Arbitrary code execution in Adobe Acrobat Reader and Acrobat (versions 24.001.30307 and earlier) via a use-after-free vulnerability requires victims to open a malicious file. Local attackers can exploit this to execute code with the privileges of the current user. No patch is currently available. | HIGH | 7.8 | 0.0% | 39 | No patch |
| CVE-2026-27278 | Arbitrary code execution in Adobe Acrobat and Acrobat Reader versions 24.001.30307 and earlier stems from a use-after-free memory vulnerability triggered when users open specially crafted files. An attacker can achieve code execution with the privileges of the current user, though exploitation requires victim interaction. No patch is currently available for affected versions. | HIGH | 7.8 | 0.0% | 39 | No patch |
| CVE-2026-21275 | Arbitrary code execution in Adobe InDesign versions 21.0, 19.5.5 and earlier through an uninitialized pointer vulnerability that executes with user privileges when a victim opens a crafted file. The attack requires no special privileges or system access, making it a significant risk for InDesign users who may inadvertently open malicious documents. No patch is currently available. | HIGH | 7.8 | 0.0% | 39 | No patch |
| CVE-2026-21276 | Arbitrary code execution in Adobe InDesign versions 21.0, 19.5.5 and earlier through an uninitialized pointer vulnerability that executes with user privileges when a victim opens a crafted file. This local attack requires user interaction but offers no patch availability and affects all current InDesign users. | HIGH | 7.8 | 0.0% | 39 | No patch |
| CVE-2026-21277 | Arbitrary code execution in Adobe InDesign versions 21.0, 19.5.5 and earlier through a heap-based buffer overflow vulnerability triggered by opening a malicious file. Attackers can achieve code execution with the privileges of the affected user, requiring only social engineering to deliver the malicious document. No patch is currently available. | HIGH | 7.8 | 0.0% | 39 | No patch |
| CVE-2026-21304 | Arbitrary code execution in Adobe InDesign versions 21.0, 19.5.5 and earlier via a heap buffer overflow vulnerability when users open malicious files. The flaw requires user interaction but allows attackers to execute code with the privileges of the current user. No patch is currently available for this high-severity issue. | HIGH | 7.8 | 0.0% | 39 | No patch |
| CVE-2026-21362 | Arbitrary code execution in Adobe Illustrator versions 29.8.4 and 30.1 and earlier results from an out-of-bounds write flaw that executes with user privileges. An attacker can achieve code execution by crafting a malicious file that triggers the vulnerability when opened by a victim. No patch is currently available for this high-severity issue. | HIGH | 7.8 | 0.0% | 39 | No patch |