CISA Catalog
Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.
KEV Entries: 1,619
Ransomware Use: 327
Overdue: 1,615
Vendors: 266
Products: 655
Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
Adobe · Acrobat and Reader
Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability which could allow remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Adobe Acrobat Use-After-Free Vulnerability
Adobe · Acrobat
Adobe Acrobat contains a use-after-free vulnerability that allows for code execution.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Adobe Acrobat and Reader Prototype Pollution Vulnerability
Adobe · Acrobat and Reader
Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Adobe Commerce and Magento Improper Input Validation Vulnerability
Adobe · Commerce and Magento
Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Adobe Experience Manager Forms Code Execution Vulnerability
Adobe · Experience Manager (AEM) Forms
Adobe Experience Manager Forms in JEE contains an unspecified vulnerability that allows for arbitrary code execution.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Adobe ColdFusion Deserialization Vulnerability
Adobe · ColdFusion
Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Adobe ColdFusion Improper Access Control Vulnerability
Adobe · ColdFusion
Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Adobe Flash Player Double Free Vulnerability
Adobe · Flash Player
Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code.
Required Action
The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Adobe Flash Player Code Execution Vulnerability
Adobe · Flash Player
Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content.
Required Action
The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Adobe Flash Player Incorrect Default Permissions Vulnerability
Adobe · Flash Player
Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content.
Required Action
The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Adobe Flash Player Integer Underflow Vulnerability
Adobe · Flash Player
Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code.
Required Action
The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability
Adobe · Commerce and Magento Open Source
Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Adobe · ColdFusion
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Adobe · ColdFusion
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Adobe Acrobat and Reader Use-After-Free Vulnerability
Adobe · Acrobat and Reader
Adobe Acrobat and Reader contain a use-after-free vulnerability that allows for code execution in the context of the current user.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability
Adobe · Acrobat and Reader
Adobe Acrobat and Reader contain an out-of-bounds write vulnerability that allows for code execution.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Adobe · ColdFusion
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Adobe ColdFusion Improper Access Control Vulnerability
Adobe · ColdFusion
Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Adobe ColdFusion Improper Access Control Vulnerability
Adobe · ColdFusion
Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Adobe · ColdFusion
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution.
Required Action
Apply updates per vendor instructions.
Adobe Acrobat and Reader Double Free Vulnerability
Adobe · Acrobat and Reader
Adobe Acrobat and Reader have a double free vulnerability that could lead to remote code execution.
Required Action
Apply updates per vendor instructions.
Adobe Flash Player Integer Overflow Vulnerability
Adobe · Flash Player
Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments.
Required Action
The impacted product is end-of-life and should be disconnected if still in use.
Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability
Adobe · Flash Player
Adobe Flash Player contains an XSS vulnerability that allows remote attackers to inject web script or HTML.
Required Action
The impacted product is end-of-life and should be disconnected if still in use.
Adobe Flash Player Memory Corruption Vulnerability
Adobe · Flash Player
Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Required Action
The impacted product is end-of-life and should be disconnected if still in use.
Adobe Reader and Acrobat Universal 3D Memory Corruption Vulnerability
Adobe · Reader and Acrobat
The Universal 3D (U3D) component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).
Required Action
Apply updates per vendor instructions.