Adobe Adobe Based in San Jose, best known for creating Photoshop, Acrobat (PDF).

  1. Vendors
  2. Adobe

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Adobe product.

RSS Feeds for Adobe security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Adobe products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Adobe Sorted by Most Security Vulnerabilities since 2018

Adobe Experience Manager1046 vulnerabilities
Adobe Experience Manager (AEM), is a comprehensive content management solution for building websites, mobile apps and forms

Adobe Acrobat454 vulnerabilities
Application for working with PDF documents

Adobe Commerce160 vulnerabilities

Adobe ColdFusion158 vulnerabilities
Web application server since 1995. Tag or script based programming language CFML.

Adobe InDesign152 vulnerabilities

Adobe Magento146 vulnerabilities

Adobe Commerce127 vulnerabilities

Adobe Illustrator116 vulnerabilities

Adobe Dimension107 vulnerabilities

Adobe Photoshop88 vulnerabilities
Popular Photo Editing Software

Adobe Bridge78 vulnerabilities

Adobe Substance 3d Stager77 vulnerabilities

Adobe Animate77 vulnerabilities

Adobe Commerce B2b71 vulnerabilities

Adobe Framemaker68 vulnerabilities

Adobe Substance 3d Painter67 vulnerabilities

Adobe After Effects67 vulnerabilities

Adobe Connect50 vulnerabilities

Adobe Incopy39 vulnerabilities

Adobe Substance 3d Designer38 vulnerabilities

Adobe Substance 3d Modeler37 vulnerabilities

Adobe Media Encoder36 vulnerabilities

Adobe Xmp Toolkit Software Development Kit28 vulnerabilities

Adobe Audition26 vulnerabilities

Adobe Substance 3d Sampler25 vulnerabilities

Adobe Premiere Pro22 vulnerabilities

Adobe Creative Cloud Desktop Application21 vulnerabilities
The desktop client for Adobe Creative Cloud

Adobe Magento Commerce21 vulnerabilities

Adobe Premiere Rush11 vulnerabilities

Adobe Substance 3d Viewer10 vulnerabilities

Adobe Format Plugins9 vulnerabilities

Adobe Dreamweaver9 vulnerabilities

Adobe Lightroom6 vulnerabilities

Adobe Experience Manager Screens6 vulnerabilities

Adobe Reader6 vulnerabilities

Adobe Photoshop Elements3 vulnerabilities

Adobe Framemaker Publishing Server2 vulnerabilities

Adobe Robohelp2 vulnerabilities

Adobe Acrobat 20201 vulnerability

Adobe Acrobat Reader 20171 vulnerability

Adobe Acrobat Reader 20201 vulnerability

Adobe Aero1 vulnerability

Adobe Acrobat 20171 vulnerability

Adobe Air Sdk Compiler1 vulnerability

Adobe Pdf Library Sdk1 vulnerability

Adobe Pass1 vulnerability

Adobe Livecycle1 vulnerability

Adobe Lifecycle Data Services1 vulnerability

Recent Adobe Security Advisories

Advisory Title Published
APSB26-22 Security updates available for Adobe Substance3D - Modeler | APSB26-22 February 10, 2026
APSB26-06 Security Updates Available for Adobe Lightroom | APSB26-06 February 10, 2026
APSB26-17 Security Update Available for Adobe InDesign | APSB26-17 February 10, 2026
APSB26-14 Security Updates Available for Adobe Audition | APSB26-14 February 10, 2026
APSB26-21 Security Updates Available for Adobe Bridge | APSB26-21 February 10, 2026
APSB26-23 Security update available for Adobe DNG Software Development Kit (SDK) | APSB26-23 February 10, 2026
APSB26-11 Security updates available for Adobe Substance 3D - Sampler | APSB26-11 January 14, 2026
APSB26-02 Security Update Available for Adobe InDesign | APSB26-02 January 13, 2026
APSB26-04 Security Update Available for Adobe InCopy | APSB26-04 January 13, 2026
APSB26-01 Security update available for Adobe Dreamweaver | APSB26-01 January 13, 2026

Known Exploited Adobe Vulnerabilities

The following Adobe vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Adobe Commerce and Magento Improper Input Validation Vulnerability Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.
CVE-2025-54236 Exploit Probability: 73.7% 		October 24, 2025
Adobe Experience Manager Forms Code Execution Vulnerability Adobe Experience Manager Forms in JEE contains an unspecified vulnerability that allows for arbitrary code execution.
CVE-2025-54253 Exploit Probability: 28.7% 		October 15, 2025
Adobe ColdFusion Deserialization Vulnerability Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution.
CVE-2017-3066 Exploit Probability: 93.4% 		February 24, 2025
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.
CVE-2024-20767 Exploit Probability: 94.1% 		December 16, 2024
Adobe Flash Player Double Free Vulnerablity Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code.
CVE-2014-0502 Exploit Probability: 89.0% 		September 17, 2024
Adobe Flash Player Incorrect Default Permissions Vulnerability Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content.
CVE-2013-0643 Exploit Probability: 57.9% 		September 17, 2024
Adobe Flash Player Code Execution Vulnerability Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content.
CVE-2013-0648 Exploit Probability: 54.7% 		September 17, 2024
Adobe Flash Player Integer Underflow Vulnerablity Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code.
CVE-2014-0497 Exploit Probability: 93.0% 		September 17, 2024
Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) V Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.
CVE-2024-34102 Exploit Probability: 94.1% 		July 17, 2024
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
CVE-2023-38203 Exploit Probability: 94.3% 		January 8, 2024
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
CVE-2023-29300 Exploit Probability: 93.7% 		January 8, 2024
Adobe Acrobat and Reader Use-After-Free Vulnerability Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user.
CVE-2023-21608 Exploit Probability: 84.1% 		October 10, 2023
Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution.
CVE-2023-26369 Exploit Probability: 0.6% 		September 14, 2023
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user.
CVE-2023-26359 Exploit Probability: 84.7% 		August 21, 2023
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.
CVE-2023-29298 Exploit Probability: 94.3% 		July 20, 2023
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.
CVE-2023-38205 Exploit Probability: 94.3% 		July 20, 2023
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that allows for remote code execution.
CVE-2023-26360 Exploit Probability: 94.3% 		March 15, 2023
Adobe Flash Player Memory Corruption Vulnerability Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service.
CVE-2010-1297 Exploit Probability: 93.0% 		June 8, 2022
Adobe Acrobat and Reader Double Free Vulnerability Adobe Acrobat and Reader have a double free vulnerability that could lead to remote code execution.
CVE-2018-4990 Exploit Probability: 62.0% 		June 8, 2022
Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service.
CVE-2009-1862 Exploit Probability: 58.6% 		June 8, 2022

Of the known exploited vulnerabilities above, 13 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 6 known exploited Adobe vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

Top 10 Riskiest Adobe Vulnerabilities

Based on the current exploit probability, these Adobe vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2018-15961 94.4% Adobe ColdFusion Remote Code Execution
2 CVE-2023-26360 94.3% Adobe ColdFusion Improper Access Control Vulnerability
3 CVE-2023-38205 94.3% Adobe ColdFusion Improper Access Control Vulnerability
4 CVE-2023-29298 94.3% Adobe ColdFusion Improper Access Control Vulnerability
5 CVE-2010-2861 94.3% Adobe ColdFusion Directory Traversal Vulnerability
6 CVE-2023-38203 94.3% Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
7 CVE-2024-20767 94.1% Adobe ColdFusion Improper Access Control Vulnerability
8 CVE-2024-34102 94.1% Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) V
9 CVE-2018-15982 93.8% Adobe Flash Player Use-After-Free Vulnerability
10 CVE-2008-2992 93.7% Adobe Reader and Acrobat Input Validation Vulnerability

By the Year

In 2026 there have been 69 vulnerabilities in Adobe with an average score of 7.1 out of ten. Last year, in 2025 Adobe had 817 security vulnerabilities published. Right now, Adobe is on track to have less security vulnerabilities in 2026 than it did last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.73.




Year Vulnerabilities Average Score
2026 69 7.06
2025 817 6.33
2024 753 6.20
2023 668 6.35
2022 421 6.80
2021 323 6.73
2020 344 7.74
2019 324 6.72
2018 94 7.91

It may take a day or so for new Adobe vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Adobe Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-21349 Feb 10, 2026
Lightroom Desktop <15.1: OOB Write Allows Arbitrary Code Exec Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Lightroom
CVE-2026-21348 Feb 10, 2026
Substance3D Modeler before 1.22.5: OOB Read Info Disclosure Substance3D - Modeler versions 1.22.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Modeler
CVE-2026-21352 Feb 10, 2026
DNG SDK <1.7.1 : OOB Write Arbitrary Code Exec (User-Interaction) DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-21354 Feb 10, 2026
Integer Overflow in DNG SDK 1.7.1 and earlier causes DoS via malicious file DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-21353 Feb 10, 2026
DNG SDK <1.7.1 Integer Overflow => Arbitrary Code Exec DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-21355 Feb 10, 2026
Adobe DNG SDK 1.7.1 OOB read memory info disclosure DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-21346 Feb 10, 2026
Bridge < 16.0.1 OOB Write Allows Arbitrary Code Exec Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Bridge
CVE-2026-21347 Feb 10, 2026
Bridge 15.1.3/16.0.1 Integer Overflow/Wraparound => Remote Code Exec Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Bridge
CVE-2026-21344 Feb 10, 2026
Substance3D Stager 3.1.6 OOB Read in File Parser Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Stager
CVE-2026-21343 Feb 10, 2026
Substance3D Stager 3.1.6 OOB Read CVE-2026-21343 Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Stager
CVE-2026-21341 Feb 10, 2026
Substance3D Stager 3.1.6 & older OOB Write Arbitrary Code Exec Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Stager
CVE-2026-21345 Feb 10, 2026
Substance3D Stager 3.1.6 OOB Read Vulnerability Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Stager
CVE-2026-21342 Feb 10, 2026
Out-of-Bounds Write in Substance3D Stager <3.1.6: Arbitrary Code Exec Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Stager
CVE-2026-21335 Feb 10, 2026
Substance3D Designer <15.1.0 OOB WriteArbitrary Exec Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Designer
CVE-2026-21337 Feb 10, 2026
Substance3D Designer OOB Read before 15.1.0 via malicious file Substance3D - Designer versions 15.1.0 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Designer
CVE-2026-21339 Feb 10, 2026
Substance3D Designer <15.1.0: OOB read memory disclosure Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Designer
CVE-2026-21334 Feb 10, 2026
Substance3D Designer OOB Write CVE-2026-21334 (v15.1.0 or earlier) Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Designer
CVE-2026-21338 Feb 10, 2026
Substance3D Designer 15.1.0 NPE causes DoS via malicious file Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Designer
CVE-2026-21340 Feb 10, 2026
OOB Read in Adobe Substance3D Designer <15.1 Exposes Data (CVE-2026-21340) Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Designer
CVE-2026-21336 Feb 10, 2026
Substance3D Designer <=15.1.0 NULL Pointer Denial-of-Service Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Designer
CVE-2026-21358 Feb 10, 2026
InDesign Desktop Heap Buffer Overflow v21.1 and earlier InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
InDesign
CVE-2026-21332 Feb 10, 2026
Adobe InDesign Desktop 21.1: OOB read exposes memory InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
InDesign
CVE-2026-21357 Feb 10, 2026
Adobe InDesign Desktop 21.1/20.5.1 Heap Overflow - Arbitrary Code via File InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
InDesign
CVE-2026-21329 Feb 10, 2026
Adobe After Effects <=25.6 UAF Vulnerability (CVE-2026-21329) After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
After Effects
CVE-2026-21323 Feb 10, 2026
Adobe After Effects 25.6 UAF CVE-2026-21323 After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
After Effects
CVE-2026-21324 Feb 10, 2026
After Effects v25.6 OOB Read Allows Code Exec via Malicious File After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
After Effects
CVE-2026-21326 Feb 10, 2026
Adobe After Effects 25.6 UAF (Arb Code Exec, User Interaction) After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
After Effects
CVE-2026-21322 Feb 10, 2026
After Effects 25.6 and Earlier OOB Read in File Parser, Code Exec After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
After Effects
CVE-2026-21318 Feb 10, 2026
Adobe After Effects <=25.6 OOB Write -> RCE via Malicious File After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
After Effects
CVE-2026-21328 Feb 10, 2026
Adobe After Effects OOB Write Vulnerability (25.6) CVE-2026-21328 After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
After Effects
CVE-2026-21319 Feb 10, 2026
Adobe After Effects <=25.6 OOB Read After Effects versions 25.6 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
After Effects
CVE-2026-21350 Feb 10, 2026
Adobe After Effects <=25.6: NULL Pointer Deref DoS via Malicious File After Effects versions 25.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
After Effects
CVE-2026-21330 Feb 10, 2026
After Effects 25.6 and earlier: Type Confusion CVE-2026-21330 After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
After Effects
CVE-2026-21325 Feb 10, 2026
After Effects <=25.6 OOB Read in Parser Code Exec After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
After Effects
CVE-2026-21327 Feb 10, 2026
Adobe After Effects: OOB Write (Arbitrary Code Exec) v25.6- After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
After Effects
CVE-2026-21320 Feb 10, 2026
Adobe After Effects <=25.6 Use-After-Free Arbitrary Code Exec After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
After Effects
CVE-2026-21321 Feb 10, 2026
Adobe AE <=25.6: Integer Overflow permits arbitrary code exec via file After Effects versions 25.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
After Effects
CVE-2026-21351 Feb 10, 2026
Adobe After Effects UAFL exploitable via malicious file (<=25.6) After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
After Effects
CVE-2026-21316 Feb 10, 2026
Adobe Audition <=25.3 mem access after buffer leading to DoS Audition versions 25.3 and earlier are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Audition
CVE-2026-21312 Feb 10, 2026
Adobe Audition <=25.3 OOB Write Arbitrary Code Exec via Malicious File Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Audition
CVE-2026-21315 Feb 10, 2026
OOB Read in Adobe Audition <=25.3 leads to memory exposure Audition versions 25.3 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Audition
CVE-2026-21313 Feb 10, 2026
Adobe Audition <=25.3 OOB Read memory exposure Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Audition
CVE-2026-21317 Feb 10, 2026
Adobe Audition <25.3: OOB Read Vulnerability Exposing Memory Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Audition
CVE-2026-21314 Feb 10, 2026
Adobe Audition 25.3 OOB Read in Media Parser Leads to Memory Exposure Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Audition
CVE-2026-21301 Jan 13, 2026
Substance3D Modeler NULL Pointer Deref v1.22.4 DoS Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Modeler
CVE-2026-21299 Jan 13, 2026
Substance3D Modeler <=1.22.4 OOB write -> code exec w/ user interaction (Adobe) Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Modeler
CVE-2026-21298 Jan 13, 2026
Substance3D Modeler <=1.22.4 OOB Write Arbitrary Code Exec Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Modeler
CVE-2026-21300 Jan 13, 2026
Substance3D Modeler 1.22.4 NULL Deref DoS Vulnerability Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Modeler
CVE-2026-21303 Jan 13, 2026
Substance3D Modeler <=1.22.4 OOB Read leading to memory exposure Substance3D - Modeler versions 1.22.4 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Modeler
CVE-2026-21302 Jan 13, 2026
Adobe Substance3D Modeler <=1.22.4 OOB Read Reveals Memory Substance3D - Modeler versions 1.22.4 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Modeler
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.