adobe

Vendors · adobe

· 257 Critical7,242 known vulnerabilities across 180 products

Total CVEs

7,242

Critical

257

Products

180

Search All CVEs →

7,242

Products (180)

acrobat reader dc1,795 CVEs acrobat dc1,795 CVEs acrobat1,379 CVEs experience manager1,127 CVEs acrobat reader1,087 CVEs flash player1,084 CVEs air413 CVEs air sdk409 CVEs air sdk \& compiler365 CVEs reader359 CVEs flash player desktop runtime294 CVEs coldfusion215 CVEs indesign191 CVEs commerce184 CVEs experience manager cloud service183 CVEs shockwave player174 CVEs illustrator173 CVEs magento161 CVEs adobe air146 CVEs bridge136 CVEs after effects125 CVEs framemaker118 CVEs dimension116 CVEs commerce b2b111 CVEs animate102 CVEs adobe air sdk96 CVEs photoshop92 CVEs air desktop runtime88 CVEs substance 3d stager87 CVEs substance 3d painter78 CVEs photoshop cc77 CVEs connect74 CVEs digital editions71 CVEs incopy62 CVEs media encoder60 CVEs substance 3d designer43 CVEs audition42 CVEs premiere pro39 CVEs substance 3d modeler39 CVEs flash player for android35 CVEs magento open source32 CVEs substance 3d sampler29 CVEs xmp toolkit software development kit28 CVEs photoshop 202024 CVEs creative cloud24 CVEs premiere rush23 CVEs adobe commerce23 CVEs c2pa-web22 CVEs c2pa22 CVEs dreamweaver22 CVEs flash player for linux21 CVEs prelude20 CVEs robohelp server17 CVEs robohelp16 CVEs character animator15 CVEs flex15 CVEs dng software development kit15 CVEs creative cloud desktop application14 CVEs premiere elements14 CVEs bridge cc14 CVEs adobe air sdk and compiler13 CVEs flash media server13 CVEs substance 3d viewer12 CVEs campaign12 CVEs format plugins11 CVEs connect desktop application11 CVEs commerce webhooks10 CVEs digital negative software development kit9 CVEs lightroom8 CVEs experience manager forms8 CVEs illustrator cc8 CVEs phonegap8 CVEs illustrator on ipad7 CVEs download manager7 CVEs flash media server 27 CVEs illustrator cs5.56 CVEs captivate6 CVEs photoshop elements6 CVEs jrun5 CVEs livecycle data services5 CVEs experience manager screens5 CVEs pagemaker5 CVEs livecycle5 CVEs genuine service5 CVEs document server5 CVEs connect enterprise server4 CVEs photoshop cs44 CVEs creative suite4 CVEs acrobat reader 20174 CVEs acrobat 20174 CVEs acrobat 3d4 CVEs version cue4 CVEs framemaker publishing server4 CVEs flex sdk3 CVEs reader xi3 CVEs adobe content server3 CVEs blazeds3 CVEs acrobat xi3 CVEs photoshop cs5.53 CVEs brackets3 CVEs golive2 CVEs director2 CVEs contribute2 CVEs css-tools2 CVEs presenter2 CVEs campaign classic2 CVEs xd2 CVEs photoshop cs62 CVEs camera raw2 CVEs dng converter2 CVEs adobe reader2 CVEs premiere2 CVEs flash2 CVEs magento commerce2 CVEs stock api integration2 CVEs photoshop cs5.11 CVEs prelude cc1 CVEs premier pro cs41 CVEs premiere clip1 CVEs application manager1 CVEs animate cc1 CVEs premiere pro cc1 CVEs premiere pro cs41 CVEs analytics appmeasurement for flash library1 CVEs push notifications1 CVEs aero1 CVEs adobe php ria sdk1 CVEs shockwave1 CVEs studio1 CVEs extendedscript toolkit cs51 CVEs acs aem commons1 CVEs acrobat business tools1 CVEs svg-native-viewer1 CVEs svg viewer1 CVEs technical communications suite1 CVEs web content management core components1 CVEs experience manager forms add-on1 CVEs adobe consulting services commons1 CVEs extension manager cs51 CVEs fireworks1 CVEs flash cs31 CVEs flash cs41 CVEs flash cs5.51 CVEs elicensing1 CVEs flash player extended support release1 CVEs dispatcher1 CVEs flash player installer1 CVEs flex builder1 CVEs flex data services1 CVEs form client1 CVEs form designer1 CVEs device central cs51 CVEs device central cs41 CVEs freehand1 CVEs genuine integrity service1 CVEs git-server1 CVEs graphics server1 CVEs xmp toolkit1 CVEs indesign cs31 CVEs indesign cs41 CVEs indesign server1 CVEs livecycle designer1 CVEs livecycle designer es21 CVEs livecycle es41 CVEs livecycle form manager1 CVEs livecycle workflow1 CVEs coldfusion builder1 CVEs marketo sales insight1 CVEs medium1 CVEs onlocation cs41 CVEs ops-cli1 CVEs pass authentication1 CVEs pdf library sdk1 CVEs photodeluxe1 CVEs breeze licensed server1 CVEs photoshop 20211 CVEs photoshop 20221 CVEs photoshop 20231 CVEs photoshop 20241 CVEs photoshop cs51 CVEs

Recent Vulnerabilities

View all 7,242 →

CVE-2026-47905MEDIUM 6.2

CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.

CVE-2026-47904MEDIUM 6.2

CVE-2026-47903MEDIUM 6.2

CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

CVE-2026-47902MEDIUM 6.2

CVE-2026-34713HIGH 7.5

CVE-2026-34712HIGH 7.5

CVE-2026-34711HIGH 7.5

CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

CVE-2026-34657MEDIUM 5.5

CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in an arbitrary file system write. An attacker could leverage this vulnerability to write to unauthorized files or directories outside of intended restrictions. Exploitation of this issue requires user interaction in that a victim must extract a maliciously crafted file.

CVE-2026-48303CRITICAL 10.0

Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

CVE-2026-48292HIGH 7.8

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-48291HIGH 7.8

CVE-2026-47961MEDIUM 5.5

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-47960HIGH 7.4

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

CVE-2026-47959HIGH 7.8

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-47955HIGH 7.8

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-47952HIGH 7.8

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-47937HIGH 7.4

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

CVE-2026-47933MEDIUM 4.8

ColdFusion versions 2023.19, 2025.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.

CVE-2026-47932HIGH 8.8

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restrictions. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

CVE-2026-47931HIGH 8.4

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

CVE-2026-47930HIGH 8.1

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue does not require user interaction.

CVE-2026-47929HIGH 8.4

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction. Scope is changed.

CVE-2026-47928CRITICAL 9.6

CVE-2026-47926MEDIUM 5.5

CVE-2026-47925MEDIUM 5.5

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.