Adobe
Based in San Jose, best known for creating Photoshop and Acrobat (PDF).
Products by Adobe Sorted by Most Security Vulnerabilities since 2018
Adobe Experience Manager: 1149 vulnerabilities
Adobe Experience Manager (AEM) is a comprehensive content management solution for building websites, mobile apps and forms.
Adobe ColdFusion: 172 vulnerabilities
Web application server since 1995. Uses CFML, a tag- or script-based programming language.
Adobe Creative Cloud Desktop Application: 21 vulnerabilities
The desktop client for Adobe Creative Cloud.
Recent Adobe Security Advisories
| Advisory | Title | Bulletin IDs | Published |
|---|---|---|---|
| APSB26-67 | Security update available for Adobe DNG Software Development Kit (SDK) | APSB26-67 | June 16, 2026 |
| APSB26-58 | Security Update Available for Adobe InDesign | APSB26-58 | June 9, 2026 |
| APSB26-64 | Security updates available for Adobe ColdFusion | APSB26-38 APSB26-64 | June 9, 2026 |
| APSB26-62 | Security update available for Adobe Dreamweaver | APSB26-01 APSB26-62 | June 9, 2026 |
| APSB26-59 | Security Update Available for Adobe InCopy | APSB26-59 | June 9, 2026 |
| APSB26-56 | Security updates available for Adobe Experience Manager | APSB26-24 APSB26-56 | June 9, 2026 |
| APSB26-65 | Security updates available for Adobe Format Plugins | APSB25-114 APSB26-65 | June 9, 2026 |
| APSB26-61 | Security updates available for Content Credentials SDK | APSB26-61 | June 9, 2026 |
| APSB26-57 | Security updates available for Adobe Experience Manager (AEM) Forms | APSB26-57 | June 9, 2026 |
| APSB26-63 | Security Bulletin for Adobe Acrobat and Reader | APSB26-63 | June 9, 2026 |
Known Exploited Adobe Vulnerabilities
The following Adobe vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability | Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability which could allow remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption. CVE-2009-3459. Exploit Probability: 86.5% | May 20, 2026 |
| Adobe Acrobat Use-After-Free Vulnerability | Adobe Acrobat contains a use-after-free vulnerability that allows for code execution. CVE-2020-9715. Exploit Probability: 48.4% | April 13, 2026 |
| Adobe Acrobat and Reader Prototype Pollution Vulnerability | Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution. CVE-2026-34621. Exploit Probability: 7.1% | April 13, 2026 |
| Adobe Commerce and Magento Improper Input Validation Vulnerability | Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API. CVE-2025-54236. Exploit Probability: 96.7% | October 24, 2025 |
| Adobe Experience Manager Forms Code Execution Vulnerability | Adobe Experience Manager Forms in JEE contains an unspecified vulnerability that allows for arbitrary code execution. CVE-2025-54253. Exploit Probability: 89.8% | October 15, 2025 |
| Adobe ColdFusion Deserialization Vulnerability | Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution. CVE-2017-3066. Exploit Probability: 90.6% | February 24, 2025 |
| Adobe ColdFusion Improper Access Control Vulnerability | Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel. CVE-2024-20767. Exploit Probability: 98.5% | December 16, 2024 |
| Adobe Flash Player Incorrect Default Permissions Vulnerability | Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content. CVE-2013-0643. Exploit Probability: 10.5% | September 17, 2024 |
| Adobe Flash Player Code Execution Vulnerability | Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content. CVE-2013-0648. Exploit Probability: 11.1% | September 17, 2024 |
| Adobe Flash Player Double Free Vulnerability | Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code. CVE-2014-0502. Exploit Probability: 24.2% | September 17, 2024 |
| Adobe Flash Player Integer Underflow Vulnerability | Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code. CVE-2014-0497. Exploit Probability: 99.9% | September 17, 2024 |
| Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) V | Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution. CVE-2024-34102. Exploit Probability: 100.0% | July 17, 2024 |
| Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. CVE-2023-38203. Exploit Probability: 97.0% | January 8, 2024 |
| Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. CVE-2023-29300. Exploit Probability: 100.0% | January 8, 2024 |
| Adobe Acrobat and Reader Use-After-Free Vulnerability | Adobe Acrobat and Reader contain a use-after-free vulnerability that allows for code execution in the context of the current user. CVE-2023-21608. Exploit Probability: 61.5% | October 10, 2023 |
| Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability | Adobe Acrobat and Reader contain an out-of-bounds write vulnerability that allows for code execution. CVE-2023-26369. Exploit Probability: 7.0% | September 14, 2023 |
| Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user. CVE-2023-26359. Exploit Probability: 17.9% | August 21, 2023 |
| Adobe ColdFusion Improper Access Control Vulnerability | Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. CVE-2023-29298. Exploit Probability: 99.8% | July 20, 2023 |
| Adobe ColdFusion Improper Access Control Vulnerability | Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. CVE-2023-38205. Exploit Probability: 99.7% | July 20, 2023 |
| Adobe ColdFusion Improper Access Control Vulnerability | Adobe ColdFusion contains an improper access control vulnerability that allows for remote code execution. CVE-2023-26360. Exploit Probability: 97.1% | March 15, 2023 |
Of the known exploited vulnerabilities above, 13 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 5 known exploited Adobe vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
Top 10 Riskiest Adobe Vulnerabilities
Based on the current exploit probability, these Adobe vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.
| Rank | CVE | EPSS | Vulnerability |
|---|---|---|---|
| 1 | CVE-2024-34102 | 100.0% | Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) V |
| 2 | CVE-2023-29300 | 100.0% | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability |
| 3 | CVE-2018-15961 | 100.0% | Adobe ColdFusion Remote Code Execution |
| 4 | CVE-2015-3113 | 99.9% | Adobe Flash Player Heap-Based Buffer Overflow Vulnerability |
| 5 | CVE-2014-0497 | 99.9% | Adobe Flash Player Integer Underflow Vulnerability |
| 6 | CVE-2023-29298 | 99.8% | Adobe ColdFusion Improper Access Control Vulnerability |
| 7 | CVE-2023-38205 | 99.7% | Adobe ColdFusion Improper Access Control Vulnerability |
| 8 | CVE-2010-2861 | 99.7% | Adobe ColdFusion Directory Traversal Vulnerability |
| 9 | CVE-2011-0611 | 99.4% | Adobe Flash Player Remote Code Execution Vulnerability |
| 10 | CVE-2015-5119 | 99.3% | Adobe Flash Player Use-After-Free Vulnerability |
By the Year
In 2026 there have been 389 vulnerabilities in Adobe with an average score of 6.7 out of ten. Last year, in 2025, Adobe had 817 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Adobe in 2026 could surpass last year's number. The average CVE base score of the vulnerabilities in 2026 is greater by 0.33.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 389 | 6.66 |
| 2025 | 817 | 6.33 |
| 2024 | 753 | 6.20 |
| 2023 | 668 | 6.35 |
| 2022 | 421 | 6.77 |
| 2021 | 323 | 6.73 |
| 2020 | 344 | 7.74 |
| 2019 | 324 | 6.72 |
| 2018 | 94 | 7.91 |
It may take a day or so for new Adobe vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Adobe Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-48294 | Jun 16, 2026 | Adobe Acrobat PDF Ext. Chrome UXSS CVE-2026-48294 (26.5.2.2). Adobe Acrobat PDF Extension (Chrome) versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to data regarding the victim's session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed. | |
| CVE-2026-47963 | Jun 16, 2026 | Adobe DNG SDK <=1.7.1.2536 OOB Read Exposes Sensitive Data. DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-47934 | Jun 16, 2026 | Adobe DNG SDK 1.7.1 OOB Read. DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-47927 | Jun 16, 2026 | OOB Read in Adobe DNG SDK <=1.7.1 2536 Memory disclosure. DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-47964 | Jun 16, 2026 | Adobe DNG SDK 1.7.1-2536 Heap Buffer Overflow (CVE-2026-47964). DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-47965 | Jun 12, 2026 | Adobe Acrobat Reader OOB Write in 24.001.30365 Arbitrary code exec. Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-34712 | Jun 09, 2026 | CAI Content Credentials c2pa-web@0.7.1 Improper Input Validation (DoS). CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | |
| CVE-2026-34711 | Jun 09, 2026 | CAI Content Credentials Integer Overflow DoS (c2pa-web <0.7.1, c2pa-v <0.80). CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | |
| CVE-2026-47904 | Jun 09, 2026 | c2pa-web 0.7.1 DoS via Uncontrolled Resource Consumption. CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction. | |
| CVE-2026-47903 | Jun 09, 2026 | CAI Credentials c2pa-web <=0.7.1 / c2pa <=0.80.1 Improper Input Validation DoS. CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | |
| CVE-2026-47902 | Jun 09, 2026 | Uncontrolled Resource Consumption in c2pa-web <=0.7.1 & c2pa-v <=0.80.1. CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction. | |
| CVE-2026-47905 | Jun 09, 2026 | Uncontrolled Resource Consumption in c2pa-web <= 0.7.1 (CAI Content Credentials). CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction. | |
| CVE-2026-34657 | Jun 09, 2026 | c2pa-web 0.7.1 Path Traversal -> Arbitrary File Write. CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in an arbitrary file system write. An attacker could leverage this vulnerability to write to unauthorized files or directories outside of intended restrictions. Exploitation of this issue requires user interaction in that a victim must extract a maliciously crafted file. | |
| CVE-2026-34713 | Jun 09, 2026 | Adobe CAI Content Credentials c2pa-web@0.7.1 Uncontrolled Resource Consumption (DoS). CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction. | |
| CVE-2026-47938 | Jun 09, 2026 | Adobe Campaign Classic <=7.4.3 SSRF may lead to code exec. Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in privilege escalation. Exploitation of this issue does not require user interaction. Scope is changed. | |
| CVE-2026-48303 | Jun 09, 2026 | Adobe Campaign Classic <7.4.3 Build 9394: Auth Bypass for Arbitrary Code Exec. Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | |
| CVE-2026-48291 | Jun 09, 2026 | Adobe Format Plugins <1.1.2 Heap Buffer Overflow Affects Arbitrary Code Exec. Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-48292 | Jun 09, 2026 | Adobe Format Plugins before 1.1.2 Heap Overflow Causing Arbitrary Code. Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-47929 | Jun 09, 2026 | Adobe ColdFusion 2023.19/2025.8 Incorrect Auth Arbitrary Code Exec. ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction. Scope is changed. | |
| CVE-2026-47932 | Jun 09, 2026 | ColdFusion 2023.19/2025.8 Path Traversal (PT) Bypass - Adobe. ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restrictions. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed. | |
| CVE-2026-47960 | Jun 09, 2026 | ColdFusion XXE in XML Parser (before 2025.8). ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed. | |
| CVE-2026-47928 | Jun 09, 2026 | Adobe ColdFusion Improper Input Validation (Exec) <2025.8, 2023.19, earlier. ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | |
| CVE-2026-47931 | Jun 09, 2026 | ColdFusion Improper Input Validation 2023.19/2025.8 Arbitrary Code Execution. ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | |
| CVE-2026-47930 | Jun 09, 2026 | CVE-2026-47930: ColdFusion <2026 Improper Input Validation Bypass. ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue does not require user interaction. | |
| CVE-2026-47933 | Jun 09, 2026 | ColdFusion <= 2025.8 Stored XSS in form fields. ColdFusion versions 2023.19, 2025.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed. | |
| CVE-2026-47937 | Jun 09, 2026 | U.S.P.E. in Adobe Acrobat Reader 24.001.30365/26.001.21651 & prior. Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed. | |
| CVE-2026-47916 | Jun 09, 2026 | Acrobat Reader UAF before 26.001.21651: AAExec via malicious file. Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-47918 | Jun 09, 2026 | Use-After-Free (UAF) in Adobe Acrobat Reader <=26.001.21651. Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-47915 | Jun 09, 2026 | Acrobat Reader <24.001.30365/26.001.21651: UAF Arbitrary Exec. Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-47952 | Jun 09, 2026 | Heap-based Buffer Overflow in Acrobat Reader before 26.001.21652. Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-47923 | Jun 09, 2026 | Acrobat Reader OOB Read v24-26 Disclosed. Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-47917 | Jun 09, 2026 | Adobe Acrobat Reader UAF 24/26, Arbitrary Code Execution. Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-47955 | Jun 09, 2026 | Acrobat Reader 24.001.30365 & 26.001.21651 Use After Free RCE. Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-47924 | Jun 09, 2026 | Acrobat Reader UEFAF Vulnerability <26.001.21651. Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-47919 | Jun 09, 2026 | Adobe Acrobat Reader Use-After-Free in PDF Parser 24.x/26.x. Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-47926 | Jun 09, 2026 | Acrobat Reader 24.001.x-26.001.x OOBR memory disclosure. Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-47921 | Jun 09, 2026 | Acrobat Reader UAF in 24.001.30365/26.001.21651 Arbitrary Code Exec. Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-47920 | Jun 09, 2026 | Acrobat Reader < 26 UAF in PDF Parser (exploit requires user interaction). Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-47961 | Jun 09, 2026 | Acrobat Reader OOB Read (v <24.001.30365). Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-47913 | Jun 09, 2026 | Adobe Acrobat Reader UAF Before 26.001.21651. Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-47914 | Jun 09, 2026 | Use-After-Free in Adobe Acrobat Reader <26.001.21651. Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-47925 | Jun 09, 2026 | Adobe Acrobat Reader 24/26 Integer Overflow DoS (CVE202647925). Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-47912 | Jun 09, 2026 | Acrobat Reader UAF in CVE-2026-47912, before 27 code exec. Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-47959 | Jun 09, 2026 | Acrobat Reader Stack Buffer Overflow before 26.0 (Arbitrary Code Execution). Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-47911 | Jun 09, 2026 | Acrobat Reader OOB Write CVE-2026-47911 Before 26.001.21651. Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-47909 | Jun 09, 2026 | Adobe Dreamweaver <21.7 Improper Input Validation: Arbitrary File Read. Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed. | |
| CVE-2026-47910 | Jun 09, 2026 | Adobe Dreamweaver Desktop 21.7 Incorrect Auth Allows File Read. Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed. | |
| CVE-2026-47907 | Jun 09, 2026 | Adobe Dreamweaver Desktop (21.7) Improper Access Control FS Read. Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed. | |
| CVE-2026-47906 | Jun 09, 2026 | Dreamweaver Desktop <21.7 DEP Vulnerable 3rdParty Comp ArbCE. Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed. | |
| CVE-2026-47908 | Jun 09, 2026 | Adobe Dreamweaver Desktop <21.7 Uninitialized Pointer Code Exec. Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |