Filtered by vendor Adobe
Subscribe
Total
6725 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54244 | 1 Adobe | 1 Substance 3d Viewer | 2025-09-12 | N/A | 7.8 HIGH |
| Substance3D - Viewer versions 0.25.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-54243 | 1 Adobe | 1 Substance 3d Viewer | 2025-09-12 | N/A | 7.8 HIGH |
| Substance3D - Viewer versions 0.25.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-54258 | 1 Adobe | 1 Substance 3d Modeler | 2025-09-12 | N/A | 7.8 HIGH |
| Substance3D - Modeler versions 1.22.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is unchanged. | |||||
| CVE-2025-54259 | 1 Adobe | 1 Substance 3d Modeler | 2025-09-12 | N/A | 7.8 HIGH |
| Substance3D - Modeler versions 1.22.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is unchanged. | |||||
| CVE-2025-54260 | 1 Adobe | 1 Substance 3d Modeler | 2025-09-12 | N/A | 7.8 HIGH |
| Substance3D - Modeler versions 1.22.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is unchanged. | |||||
| CVE-2025-54241 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2025-09-12 | N/A | 5.5 MEDIUM |
| After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-54240 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2025-09-12 | N/A | 5.5 MEDIUM |
| After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-54239 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2025-09-12 | N/A | 5.5 MEDIUM |
| After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-54250 | 1 Adobe | 1 Experience Manager | 2025-09-12 | N/A | 4.9 MEDIUM |
| Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. | |||||
| CVE-2025-54248 | 1 Adobe | 1 Experience Manager | 2025-09-12 | N/A | 7.7 HIGH |
| Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Scope is changed | |||||
| CVE-2025-54249 | 1 Adobe | 1 Experience Manager | 2025-09-12 | N/A | 6.5 MEDIUM |
| Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate server-side requests and bypass security controls allowing unauthorized read access. | |||||
| CVE-2025-54247 | 1 Adobe | 1 Experience Manager | 2025-09-12 | N/A | 6.5 MEDIUM |
| Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. | |||||
| CVE-2025-54246 | 1 Adobe | 1 Experience Manager | 2025-09-12 | N/A | 6.5 MEDIUM |
| Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. | |||||
| CVE-2025-54252 | 1 Adobe | 1 Experience Manager | 2025-09-12 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. This could result in bypassing security features within the application. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. | |||||
| CVE-2025-21134 | 1 Adobe | 1 Illustrator On Ipad | 2025-09-09 | N/A | 7.8 HIGH |
| Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-21133 | 1 Adobe | 1 Illustrator On Ipad | 2025-09-09 | N/A | 7.8 HIGH |
| Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-46849 | 1 Adobe | 1 Experience Manager | 2025-08-25 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2025-46852 | 1 Adobe | 1 Experience Manager | 2025-08-25 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2025-46856 | 1 Adobe | 1 Experience Manager | 2025-08-25 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a specially crafted web page. | |||||
| CVE-2025-46932 | 1 Adobe | 1 Experience Manager | 2025-08-25 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||