Adobe Adobe Based in San Jose, best known for creating Photoshop, Acrobat (PDF).

  1. Vendors
  2. Adobe

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Adobe product.

RSS Feeds for Adobe security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Adobe products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Adobe Sorted by Most Security Vulnerabilities since 2018

Adobe Experience Manager1089 vulnerabilities
Adobe Experience Manager (AEM), is a comprehensive content management solution for building websites, mobile apps and forms

Adobe Acrobat460 vulnerabilities
Application for working with PDF documents

Adobe Commerce194 vulnerabilities

Adobe ColdFusion165 vulnerabilities
Web application server since 1995. Tag or script based programming language CFML.

Adobe Commerce161 vulnerabilities

Adobe InDesign161 vulnerabilities

Adobe Magento146 vulnerabilities

Adobe Illustrator128 vulnerabilities

Adobe Dimension107 vulnerabilities

Adobe Photoshop90 vulnerabilities
Popular Photo Editing Software

Adobe Bridge85 vulnerabilities

Adobe Substance 3d Stager84 vulnerabilities

Adobe Framemaker79 vulnerabilities

Adobe Substance 3d Painter78 vulnerabilities

Adobe Animate77 vulnerabilities

Adobe Commerce B2b71 vulnerabilities

Adobe After Effects71 vulnerabilities

Adobe Connect61 vulnerabilities

Adobe Substance 3d Designer43 vulnerabilities

Adobe Incopy42 vulnerabilities

Adobe Media Encoder38 vulnerabilities

Adobe Substance 3d Modeler37 vulnerabilities

Adobe Xmp Toolkit Software Development Kit28 vulnerabilities

Adobe Premiere Pro26 vulnerabilities

Adobe Audition26 vulnerabilities

Adobe Substance 3d Sampler25 vulnerabilities

Adobe Creative Cloud Desktop Application21 vulnerabilities
The desktop client for Adobe Creative Cloud

Adobe Magento Commerce21 vulnerabilities

Adobe Experience Manager Screens15 vulnerabilities

Adobe Reader12 vulnerabilities

Adobe Premiere Rush11 vulnerabilities

Adobe Substance 3d Viewer10 vulnerabilities

Adobe Format Plugins9 vulnerabilities

Adobe Dreamweaver9 vulnerabilities

Adobe Lightroom6 vulnerabilities

Adobe Photoshop Elements3 vulnerabilities

Adobe Robohelp2 vulnerabilities

Adobe Framemaker Publishing Server2 vulnerabilities

Adobe Acrobat 20201 vulnerability

Adobe Acrobat Reader 20171 vulnerability

Adobe Acrobat Reader 20201 vulnerability

Adobe Aero1 vulnerability

Adobe Acrobat 20171 vulnerability

Adobe Air Sdk Compiler1 vulnerability

Adobe Pdf Library Sdk1 vulnerability

Adobe Pass1 vulnerability

Adobe Livecycle1 vulnerability

Adobe Lifecycle Data Services1 vulnerability

Recent Adobe Security Advisories

Advisory Title Published
APSB26-53 Security updates available for Adobe CAI Content Credentials | APSB26-53 May 12, 2026
APSB26-54 Security updates available for Adobe Substance 3D - Sampler | APSB26-54 May 12, 2026
APSB26-47 Security Updates Available for Adobe Media Encoder | APSB26-47 May 12, 2026
APSB26-51 Security Updates Available for Adobe Illustrator | APSB26-42 APSB26-51 May 12, 2026
APSB26-50 Security updates available for Adobe Connect | APSB26-50 May 12, 2026
APSB26-49 Security Updates Available for Adobe Commerce | APSB26-49 May 12, 2026
APSB26-39 Security Updates Available for Adobe Bridge | APSB26-39 April 14, 2026
APSB26-34 Security updates available for Adobe Experience Manager Screens | APSB26-34 April 14, 2026
APSB26-37 Security updates available for Adobe Connect | APSB2 APSB26-37 April 14, 2026
APSB26-44 Prenotification Security Advisory for Adobe Acrobat and Reader  | APSB26-44 April 14, 2026

Known Exploited Adobe Vulnerabilities

The following Adobe vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Adobe Acrobat Use-After-Free Vulnerability Adobe Acrobat contains a use-after-free vulnerability that allows for code execution
CVE-2020-9715 Exploit Probability: 77.5% 		April 13, 2026
Adobe Acrobat and Reader Prototype Pollution Vulnerability Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution.
CVE-2026-34621 Exploit Probability: 6.1% 		April 13, 2026
Adobe Commerce and Magento Improper Input Validation Vulnerability Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.
CVE-2025-54236 Exploit Probability: 64.8% 		October 24, 2025
Adobe Experience Manager Forms Code Execution Vulnerability Adobe Experience Manager Forms in JEE contains an unspecified vulnerability that allows for arbitrary code execution.
CVE-2025-54253 Exploit Probability: 19.7% 		October 15, 2025
Adobe ColdFusion Deserialization Vulnerability Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution.
CVE-2017-3066 Exploit Probability: 93.7% 		February 24, 2025
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.
CVE-2024-20767 Exploit Probability: 94.0% 		December 16, 2024
Adobe Flash Player Double Free Vulnerablity Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code.
CVE-2014-0502 Exploit Probability: 90.6% 		September 17, 2024
Adobe Flash Player Incorrect Default Permissions Vulnerability Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content.
CVE-2013-0643 Exploit Probability: 58.6% 		September 17, 2024
Adobe Flash Player Code Execution Vulnerability Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content.
CVE-2013-0648 Exploit Probability: 55.5% 		September 17, 2024
Adobe Flash Player Integer Underflow Vulnerablity Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code.
CVE-2014-0497 Exploit Probability: 93.2% 		September 17, 2024
Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) V Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.
CVE-2024-34102 Exploit Probability: 94.1% 		July 17, 2024
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
CVE-2023-38203 Exploit Probability: 94.2% 		January 8, 2024
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
CVE-2023-29300 Exploit Probability: 93.7% 		January 8, 2024
Adobe Acrobat and Reader Use-After-Free Vulnerability Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user.
CVE-2023-21608 Exploit Probability: 77.5% 		October 10, 2023
Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution.
CVE-2023-26369 Exploit Probability: 0.5% 		September 14, 2023
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user.
CVE-2023-26359 Exploit Probability: 85.7% 		August 21, 2023
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.
CVE-2023-29298 Exploit Probability: 94.3% 		July 20, 2023
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.
CVE-2023-38205 Exploit Probability: 94.2% 		July 20, 2023
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that allows for remote code execution.
CVE-2023-26360 Exploit Probability: 94.3% 		March 15, 2023
Adobe Acrobat and Reader Double Free Vulnerability Adobe Acrobat and Reader have a double free vulnerability that could lead to remote code execution.
CVE-2018-4990 Exploit Probability: 51.5% 		June 8, 2022

Of the known exploited vulnerabilities above, 13 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 5 known exploited Adobe vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

Top 10 Riskiest Adobe Vulnerabilities

Based on the current exploit probability, these Adobe vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2018-15961 94.4% Adobe ColdFusion Remote Code Execution
2 CVE-2023-26360 94.3% Adobe ColdFusion Improper Access Control Vulnerability
3 CVE-2023-29298 94.3% Adobe ColdFusion Improper Access Control Vulnerability
4 CVE-2023-38203 94.2% Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
5 CVE-2023-38205 94.2% Adobe ColdFusion Improper Access Control Vulnerability
6 CVE-2010-2861 94.1% Adobe ColdFusion Directory Traversal Vulnerability
7 CVE-2024-34102 94.1% Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) V
8 CVE-2024-20767 94.0% Adobe ColdFusion Improper Access Control Vulnerability
9 CVE-2009-0927 93.8% Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability
10 CVE-2008-2992 93.7% Adobe Reader and Acrobat Input Validation Vulnerability

By the Year

In 2026 there have been 260 vulnerabilities in Adobe with an average score of 6.8 out of ten. Last year, in 2025 Adobe had 817 security vulnerabilities published. Right now, Adobe is on track to have less security vulnerabilities in 2026 than it did last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.43.




Year Vulnerabilities Average Score
2026 260 6.77
2025 817 6.33
2024 753 6.20
2023 668 6.35
2022 421 6.80
2021 323 6.73
2020 344 7.74
2019 324 6.72
2018 94 7.91

It may take a day or so for new Adobe vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Adobe Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-34672 May 12, 2026
Integer Underflow in Adobe CAI Content Credentials v0.78.2 or earlier causing DOS CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-34671 May 12, 2026
CAI Content Credentials 0.78.2/0.7.0 Integer Overflow DoS CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-34678 May 12, 2026
Adobe CAI Content Credentials 0.78.2 Uncontrolled Resource Consumption (DoS) CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-34669 May 12, 2026
Adobe CAI Content Credentials <=0.78.2 Improper Input Validation (DoS) CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-34688 May 12, 2026
CAI Content Credentials v<0.78.2 Improper Input Validation DoS CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-34680 May 12, 2026
Adobe CAI Content Credentials <0.78.2 DOS via Int Overflow CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-34668 May 12, 2026
CAI Content Credentials <=0.78.2 Improper Input Validation DoS CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-34673 May 12, 2026
Adobe CAI Content Credentials <=0.78.2 Uncontrolled Resource Consumption DoS CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-34667 May 12, 2026
CAI Content Credentials <0.78.2 Integer Underflow DOF CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-34665 May 12, 2026
CAI Content Credentials <=0.78.2 Uncontrolled Resource Consumption DoS CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-34670 May 12, 2026
Improper Input Validation in Adobe CAI Content Credentials <=0.78.2 Enables DoS CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-34679 May 12, 2026
Adobe CAI Content Credentials 0.78.2 Improper Input Validation DoS CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-34666 May 12, 2026
Adobe CAI Content Credentials <=0.78.2: Improper Input Validation DoS CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-34677 May 12, 2026
Uncontrolled RC in Adobe CAI Content Credentials <0.78.2, DoS CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-34656 May 12, 2026
Improper Authorization in Adobe Commerce <2.5 Bypass Write Access Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page.
Adobe Commerce
Commerce
CVE-2026-34658 May 12, 2026
Adobe Commerce <=2.4.9-beta1 XSS in form fields Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.
Adobe Commerce
Commerce
CVE-2026-34650 May 12, 2026
Uncontrolled Resource Consumption in Adobe Commerce <2.4.9-beta1 (DoS) Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Adobe Commerce
Commerce
CVE-2026-34686 May 12, 2026
Adobe Commerce <=2.4.9-beta1 Stored XSS in Form Fields Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, potentially gaining elevated access or control over the victim's account or session. Scope is changed.
Adobe Commerce
Commerce
CVE-2026-34647 May 12, 2026
Adobe Commerce SSRF Bypass (v2.4.9-beta1 & earlier) Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
Adobe Commerce
Commerce
CVE-2026-34685 May 12, 2026
Adobe Commerce 2.4.x Improper Input Validation Security Feature Bypass Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier [NEEDS REVIEW: impact mismatch ticket says 'Arbitrary file system write', CIA triad derives 'Security Feature Bypass'. Verify CVSS vector before publishing.] are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
Adobe Commerce
Commerce
CVE-2026-34653 May 12, 2026
Adobe Commerce 2.4.9-beta1 & earlier Path Traversal: FS Read/Write Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system read and write. An authenticated attacker with administrative privileges could exploit this vulnerability to read or write files outside the restricted directory. Exploitation of this issue does not require user interaction. Scope is changed.
Adobe Commerce
Commerce
CVE-2026-34652 May 12, 2026
Adhoc Third-Party Dep Crash: Adobe Commerce <=2.4.9-beta1 (DOS) Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Adobe Commerce
Commerce
CVE-2026-34645 May 12, 2026
Adobe Commerce 2.4.9-beta1-2.4.4-p17 Incorrect Auth Bypass Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.
Adobe Commerce
Commerce
CVE-2026-34648 May 12, 2026
Adobe Commerce Uncontrolled Resource Consumption Vulnerability (DoS) v<=2.4.9-beta1 Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Adobe Commerce
Commerce
CVE-2026-34649 May 12, 2026
Adobe Commerce Uncontrolled Resource Consumption DoS (pre 2.4.9-beta1) Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Adobe Commerce
Commerce
CVE-2026-34655 May 12, 2026
Adobe Commerce <=2.4.9-beta1 Stored XSS in Form Fields Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.
Adobe Commerce
Commerce
CVE-2026-34654 May 12, 2026
Adobe Commerce <2.4.9-beta1 Dependency Third-Party Component DoS Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Adobe Commerce
Commerce
CVE-2026-34651 May 12, 2026
Adobe Commerce Uncontrolled Resource Consumption DoS before 2.4.9-beta1 Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Adobe Commerce
Commerce
CVE-2026-34646 May 12, 2026
Adobe Commerce 2.4.8-p4 & earlier: Incorrect Auth bypass for write access Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.
Adobe Commerce
Commerce
CVE-2026-34690 May 12, 2026
Adobe AE 26.0 Buffer Overflow Enables Code Exec (CVE-2026-34690) After Effects versions 26.0, 25.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
After Effects
CVE-2026-34659 May 12, 2026
Adobe Connect <2025.9.15: Deserialization Untrusted Data -> Arbitrary Code Exec Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to execute arbitrary code. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
Connect
CVE-2026-34660 May 12, 2026
Adobe Connect <2025.9.15 Incorrect Auth Allows Arbitrary Code Exec Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
Connect
CVE-2026-34682 May 12, 2026
Adobe Substance3D Designer <15.1.0: OOB Write Arbitrary Code Exec Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Designer
CVE-2026-34681 May 12, 2026
Substance3D Designer OOB Write <=15.1.0 Arbitrary Code Exec Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Designer
CVE-2026-34684 May 12, 2026
Substance3D Designer <15.1.0: OOB Write in Designer Engine Arbitrary Code Exec Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Designer
CVE-2026-34683 May 12, 2026
Substance3D Designer <=15.1.0 OOB Write leads to arbitrary code execution Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Designer
CVE-2026-34664 May 12, 2026
Substance3D Designer 15.1.0 Path Traversal FS read Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
Substance 3d Designer
CVE-2026-34662 May 12, 2026
Adobe Illustrator <29.8.6/30.3 NULL Pointer Deref DoS Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Illustrator
CVE-2026-34663 May 12, 2026
Adobe Illustrator 30.3 OOB Read Disclosure Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Illustrator
CVE-2026-34687 May 12, 2026
Illustrator Heap Buffer Overflow v29.8.6-30.3 can lead to code execution Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Illustrator
CVE-2026-34661 May 12, 2026
Adobe Illustrator <30.3 OOBW in File Parser Arbitrary Code Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Illustrator
CVE-2026-34676 May 12, 2026
Substance3D Painter <=12.0.2 OOB Write Arbitrary Code Execution (Adobe) Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Painter
CVE-2026-34675 May 12, 2026
Substance3D Painter 12.0.2 OOB Write in File Parser Arbitrary Code Exec Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance 3d Painter
CVE-2026-34644 May 12, 2026
Adobe After Effects: Integer Overflow before 26.0 causes arbitrary code execution After Effects versions 26.0, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
After Effects
CVE-2026-34643 May 12, 2026
After Effects 26.0/25.6.4 OOB Write Arbitrary Code Exec (Adobe) After Effects versions 26.0, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
After Effects
CVE-2026-34642 May 12, 2026
After Effects Heap Overflow (v26.0, v25.6.4) Arbitrary Code Exec After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
After Effects
CVE-2026-34639 May 12, 2026
Adobe Media Encoder <=25.6.4 OOB Write Enables Arbitrary Code Exec Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Media Encoder
CVE-2026-34640 May 12, 2026
Adobe Media Encoder <v26.0.2 Integer Wraparound => Arbitrary Code Execution Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Media Encoder
CVE-2026-34637 May 12, 2026
Premiere Pro <26.0.2 CVE-2026-34637 OOB Write Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Premiere Pro
CVE-2026-34638 May 12, 2026
UAFF in Premiere Pro <26.0.2 (exploits via malicious file) Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Premiere Pro
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.