Filtered by vendor Adobe
Subscribe
Total
6574 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47053 | 1 Adobe | 1 Experience Manager | 2025-07-22 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a specially crafted web page. | |||||
| CVE-2025-46959 | 1 Adobe | 1 Experience Manager | 2025-07-22 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a specially crafted web page. | |||||
| CVE-2025-27203 | 2 Adobe, Microsoft | 2 Connect, Windows | 2025-07-18 | N/A | 9.6 CRITICAL |
| Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does require user interaction and scope is changed. | |||||
| CVE-2025-49533 | 1 Adobe | 1 Experience Manager | 2025-07-18 | N/A | 9.8 CRITICAL |
| Adobe Experience Manager (MS) versions 6.5.23.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. Scope is unchanged. | |||||
| CVE-2025-49534 | 1 Adobe | 1 Experience Manager | 2025-07-18 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Scope is changed. | |||||
| CVE-2025-49547 | 1 Adobe | 1 Experience Manager | 2025-07-18 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Scope is changed. | |||||
| CVE-2025-46953 | 1 Adobe | 1 Experience Manager | 2025-07-15 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Scope is changed. | |||||
| CVE-2025-43559 | 1 Adobe | 1 Coldfusion | 2025-07-15 | N/A | 9.1 CRITICAL |
| ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed. | |||||
| CVE-2025-43563 | 1 Adobe | 1 Coldfusion | 2025-07-15 | N/A | 9.1 CRITICAL |
| ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction, and scope is changed. | |||||
| CVE-2025-43564 | 1 Adobe | 1 Coldfusion | 2025-07-15 | N/A | 9.1 CRITICAL |
| ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction, and scope is changed | |||||
| CVE-2025-47096 | 1 Adobe | 1 Experience Manager | 2025-07-15 | N/A | 3.5 LOW |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass, allowing a low impact to the integrity of the component. Exploitation of this issue requires user interaction in that a victim must interact with the malicious content. Low privileges are required. | |||||
| CVE-2025-49546 | 1 Adobe | 1 Coldfusion | 2025-07-15 | N/A | 2.4 LOW |
| ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Access Control vulnerability that could lead to a partial application denial-of-service. A high-privileged attacker could exploit this vulnerability to partially disrupt the availability of the application. Exploitation of this issue does not require user interaction and scope is unchanged. The vulnerable component is restricted to internal IP addresses. | |||||
| CVE-2025-30281 | 1 Adobe | 1 Coldfusion | 2025-07-15 | N/A | 9.1 CRITICAL |
| ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction, and scope is changed. | |||||
| CVE-2025-47110 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-07-15 | N/A | 8.4 HIGH |
| Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Scope is changed to that of other high-privileged accounts, leading to a high impact on confidentiality, integrity, and availability. | |||||
| CVE-2025-47107 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2025-07-15 | N/A | 7.8 HIGH |
| InCopy versions 20.2, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-43580 | 3 Adobe, Apple, Microsoft | 3 Audition, Macos, Windows | 2025-07-15 | N/A | 5.5 MEDIUM |
| Audition versions 25.2, 24.6.3 and earlier are affected by an Access of Memory Location After End of Buffer vulnerability that could result in application denial-of-service. An attacker could leverage this vulnerability to crash the application or disrupt its functionality. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-27165 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-07-14 | N/A | 5.5 MEDIUM |
| Substance3D - Stager versions 3.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-47108 | 1 Adobe | 1 Substance 3d Painter | 2025-07-14 | N/A | 7.8 HIGH |
| Substance3D - Painter versions 11.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-43581 | 1 Adobe | 1 Substance 3d Sampler | 2025-07-14 | N/A | 7.8 HIGH |
| Substance3D - Sampler versions 5.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-43588 | 1 Adobe | 1 Substance 3d Sampler | 2025-07-14 | N/A | 7.8 HIGH |
| Substance3D - Sampler versions 5.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||