Adobe Adobe Based in San Jose, best known for creating Photoshop, Acrobat (PDF).

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Adobe product.

RSS Feeds for Adobe security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Adobe products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Adobe Sorted by Most Security Vulnerabilities since 2018

Adobe Experience Manager1149 vulnerabilities
Adobe Experience Manager (AEM), is a comprehensive content management solution for building websites, mobile apps and forms

Adobe Acrobat544 vulnerabilities
Application for working with PDF documents

Adobe Commerce194 vulnerabilities

Adobe ColdFusion183 vulnerabilities
Web application server since 1995. Tag or script based programming language CFML.

Adobe InDesign173 vulnerabilities

Adobe Commerce161 vulnerabilities

Adobe Magento146 vulnerabilities

Adobe Illustrator128 vulnerabilities

Adobe Dimension107 vulnerabilities

Adobe Photoshop90 vulnerabilities
Popular Photo Editing Software

Adobe Bridge85 vulnerabilities

Adobe Substance 3d Stager84 vulnerabilities

Adobe Framemaker79 vulnerabilities

Adobe Substance 3d Painter78 vulnerabilities

Adobe Animate77 vulnerabilities

Adobe Commerce B2b71 vulnerabilities

Adobe After Effects71 vulnerabilities

Adobe Connect61 vulnerabilities

Adobe Incopy45 vulnerabilities

Adobe Substance 3d Designer43 vulnerabilities

Adobe Media Encoder38 vulnerabilities

Adobe Substance 3d Modeler37 vulnerabilities

Adobe Reader32 vulnerabilities

Adobe Substance 3d Sampler29 vulnerabilities

Adobe Audition26 vulnerabilities

Adobe Premiere Pro26 vulnerabilities

Adobe Magento Commerce21 vulnerabilities

Adobe Creative Cloud Desktop Application21 vulnerabilities
The desktop client for Adobe Creative Cloud

Adobe Dreamweaver14 vulnerabilities

Adobe Format Plugins11 vulnerabilities

Adobe Premiere Rush11 vulnerabilities

Adobe Substance 3d Viewer10 vulnerabilities

Adobe Lightroom6 vulnerabilities

Adobe Photoshop Elements3 vulnerabilities

Adobe Robohelp2 vulnerabilities

Adobe Acrobat 20171 vulnerability

Adobe Acrobat 20201 vulnerability

Adobe Acrobat Reader 20171 vulnerability

Adobe Acrobat Reader 20201 vulnerability

Adobe Aero1 vulnerability

Adobe Air Sdk Compiler1 vulnerability

Adobe Pass1 vulnerability

Adobe Livecycle1 vulnerability

Adobe Pdf Library Sdk1 vulnerability

Recent Adobe Security Advisories

Advisory Title Published
APSB26-68 Security updates available for Adobe ColdFusion | APSB26-68 June 30, 2026
APSB26-69 Security updates available for Adobe Campaign Classic | APSB26-69 June 30, 2026
APSB26-67 Security update available for Adobe DNG Software Development Kit (SDK) | APSB26-67 June 16, 2026
APSB26-58 Security Update Available for Adobe InDesign | APSB26-58 June 9, 2026
APSB26-64 Security updates available for Adobe ColdFusion | APSB26-38 APSB26-64 June 9, 2026
APSB26-62 Security update available for Adobe Dreamweaver | APSB26-01 APSB26-62 June 9, 2026
APSB26-59 Security Update Available for Adobe InCopy | APSB26-59 June 9, 2026
APSB26-56 Security updates available for Adobe Experience Manager | APSB26-24 APSB26-56 June 9, 2026
APSB26-57 Security updates available for Adobe Experience Manager (AEM) Forms | APSB26-57 June 9, 2026
APSB26-63 Security Bulletin for Adobe Acrobat and Reader  | APSB26-63 June 9, 2026

Known Exploited Adobe Vulnerabilities

The following Adobe vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Adobe ColdFusion Path Traversal Vulnerability Adobe ColdFusion contains a path traversal vulnerability that could lead to arbitrary code execution in the context of the current user.
CVE-2026-48282
July 7, 2026
Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability which could allow remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption.
CVE-2009-3459 Exploit Probability: 86.5%
May 20, 2026
Adobe Acrobat Use-After-Free Vulnerability Adobe Acrobat contains a use-after-free vulnerability that allows for code execution
CVE-2020-9715 Exploit Probability: 48.4%
April 13, 2026
Adobe Acrobat and Reader Prototype Pollution Vulnerability Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution.
CVE-2026-34621 Exploit Probability: 7.1%
April 13, 2026
Adobe Commerce and Magento Improper Input Validation Vulnerability Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.
CVE-2025-54236 Exploit Probability: 96.7%
October 24, 2025
Adobe Experience Manager Forms Code Execution Vulnerability Adobe Experience Manager Forms in JEE contains an unspecified vulnerability that allows for arbitrary code execution.
CVE-2025-54253 Exploit Probability: 87.5%
October 15, 2025
Adobe ColdFusion Deserialization Vulnerability Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution.
CVE-2017-3066 Exploit Probability: 90.6%
February 24, 2025
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.
CVE-2024-20767 Exploit Probability: 98.5%
December 16, 2024
Adobe Flash Player Code Execution Vulnerability Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content.
CVE-2013-0648 Exploit Probability: 11.1%
September 17, 2024
Adobe Flash Player Incorrect Default Permissions Vulnerability Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content.
CVE-2013-0643 Exploit Probability: 10.5%
September 17, 2024
Adobe Flash Player Integer Underflow Vulnerablity Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code.
CVE-2014-0497 Exploit Probability: 99.9%
September 17, 2024
Adobe Flash Player Double Free Vulnerablity Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code.
CVE-2014-0502 Exploit Probability: 24.2%
September 17, 2024
Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) V Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.
CVE-2024-34102 Exploit Probability: 100.0%
July 17, 2024
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
CVE-2023-38203 Exploit Probability: 97.0%
January 8, 2024
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
CVE-2023-29300 Exploit Probability: 100.0%
January 8, 2024
Adobe Acrobat and Reader Use-After-Free Vulnerability Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user.
CVE-2023-21608 Exploit Probability: 61.5%
October 10, 2023
Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution.
CVE-2023-26369 Exploit Probability: 7.0%
September 14, 2023
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user.
CVE-2023-26359 Exploit Probability: 17.9%
August 21, 2023
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.
CVE-2023-29298 Exploit Probability: 99.8%
July 20, 2023
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.
CVE-2023-38205 Exploit Probability: 99.7%
July 20, 2023

Of the known exploited vulnerabilities above, 12 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 5 known exploited Adobe vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

Top 10 Riskiest Adobe Vulnerabilities

Based on the current exploit probability, these Adobe vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2024-34102 100.0% Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) V
2 CVE-2023-29300 100.0% Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
3 CVE-2018-15961 100.0% Adobe ColdFusion Remote Code Execution
4 CVE-2015-3113 99.9% Adobe Flash Player Heap-Based Buffer Overflow Vulnerability
5 CVE-2014-0497 99.9% Adobe Flash Player Integer Underflow Vulnerablity
6 CVE-2023-29298 99.8% Adobe ColdFusion Improper Access Control Vulnerability
7 CVE-2023-38205 99.7% Adobe ColdFusion Improper Access Control Vulnerability
8 CVE-2010-2861 99.7% Adobe ColdFusion Directory Traversal Vulnerability
9 CVE-2011-0611 99.4% Adobe Flash Player Remote Code Execution Vulnerability
10 CVE-2015-5119 99.3% Adobe Flash Player Use-After-Free Vulnerability

By the Year

In 2026 there have been 405 vulnerabilities in Adobe with an average score of 6.7 out of ten. Last year, in 2025 Adobe had 817 security vulnerabilities published. Right now, Adobe is on track to have less security vulnerabilities in 2026 than it did last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.40.




Year Vulnerabilities Average Score
2026 405 6.74
2025 817 6.34
2024 753 6.20
2023 668 6.35
2022 421 6.77
2021 323 6.73
2020 344 7.74
2019 324 6.72
2018 94 7.91

It may take a day or so for new Adobe vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Adobe Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-48267 Jul 06, 2026
DNG SDK <=1.7.1 Null Pointer Deref causing DoS DNG SDK versions 1.7.1 2536 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-48316 Jul 06, 2026
ColdFusion <2025.9 Improper Input Validation Arbitrary Code Exec ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
ColdFusion
CVE-2026-48315 Jun 30, 2026
Adobe ColdFusion Improper Input Validation Cmd Exec (2025.9) ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
ColdFusion
CVE-2026-48281 Jun 30, 2026
Adobe ColdFusion 2025.9/2023.20 Improper Input Validation -> Arbitrary Code Exec ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
ColdFusion
CVE-2026-48277 Jun 30, 2026
CVE-2026-48277: Adobe ColdFusion < 2025.9 IIV - arbitrary code exec ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
ColdFusion
CVE-2026-48285 Jun 30, 2026
ColdFusion SSRF: Bypass security feature before v2025.9 ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. Scope is changed.
ColdFusion
CVE-2026-48313 Jun 30, 2026
ColdFusion 2025.9/2023.20 Path Traversal (Read/Write) ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read and limited write access. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue does not require user interaction. Scope is changed.
ColdFusion
CVE-2026-48314 Jun 30, 2026
Adobe ColdFusion CVE-2026-48314: Path Traversal pre-2025.9/2023.20 ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited read and write access to unauthorized files or directories outside the intended restrictions. Exploitation of this issue does not require user interaction.
ColdFusion
CVE-2026-48307 Jun 30, 2026
Reflected XSS in Adobe ColdFusion 2025.9/2023.20 and earlier ColdFusion versions 2025.9, 2023.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious link. Scope is changed.
ColdFusion
CVE-2026-48276 Jun 30, 2026
ColdFusion 2025.9: Unrestricted File Upload, Arbitrary Code Exec ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
ColdFusion
CVE-2026-48282 Jun 30, 2026
Path Traversal in Adobe ColdFusion <=2025.9 for Arbitrary Code Execution ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
ColdFusion
CVE-2026-48283 Jun 30, 2026
Adobe ColdFusion Unrestricted File Upload -> Exec (v < 2025.9) ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
ColdFusion
CVE-2026-48286 Jun 30, 2026
Adobe Campaign Classic 7.4.3 Or Earlier: Incorrect Authorization Code Exec Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
CVE-2020-9695 Jun 23, 2026
Acrobat Reader OOB Write CVE-2020-9695 (2020.009.20074) Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Acrobat
CVE-2020-9711 Jun 23, 2026
Adobe Acrobat Reader OOB Read (CVE-2020-9711) v2020.009.20074 Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Acrobat
CVE-2020-9713 Jun 23, 2026
Adobe Acrobat/Reader OOB Read in PDF Parser (v 2020.009.20074 & below) Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Acrobat
CVE-2026-48294 Jun 16, 2026
Adobe Acrobat PDF Ext. Chrome UXSS CVE-2026-48294 (26.5.2.2) Adobe Acrobat PDF Extension (Chrome) versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to data regarding the victim's session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
Acrobat
CVE-2026-47963 Jun 16, 2026
Adobe DNG SDK <=1.7.1.2536 OOB Read Exposes Sensitive Data DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-47934 Jun 16, 2026
Adobe DNG SDK 1.7.1 OOB Read DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-47927 Jun 16, 2026
OOB Read in Adobe DNG SDK <=1.7.1 2536 Memory disclosure DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-47964 Jun 16, 2026
Adobe DNG SDK 1.7.1-2536 Heap Buffer Overflow (CVE-2026-47964) DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-47965 Jun 12, 2026
Adobe Acrobat Reader OOB Write in 24.001.30365 Arbitrary code exec Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Acrobat
CVE-2026-34712 Jun 09, 2026
CAI Content Credentials c2pa-web@0.7.1 Improper Input Validation (DoS) CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-34711 Jun 09, 2026
CAI Content Credentials Integer Overflow DoS (c2pa-web <0.7.1, c2pa-v <0.80) CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-47904 Jun 09, 2026
c2pa-web 0.7.1 DoS via Uncontrolled Resource Consumption CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-47903 Jun 09, 2026
CAI Credentials c2pa-web <=0.7.1 / c2pa <=0.80.1 Improper Input Validation DoS CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-47902 Jun 09, 2026
Uncontrolled Resource Consumption in c2pa-web <=0.7.1 & c2pa-v <=0.80.1 CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-47905 Jun 09, 2026
Uncontrolled Resource Consumption in c2pa-web <= 0.7.1 (CAI Content Credentials) CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-34657 Jun 09, 2026
c2pa-web 0.7.1 Path Traversal -> Arbitrary File Write CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in an arbitrary file system write. An attacker could leverage this vulnerability to write to unauthorized files or directories outside of intended restrictions. Exploitation of this issue requires user interaction in that a victim must extract a maliciously crafted file.
CVE-2026-34713 Jun 09, 2026
Adobe CAI Content Credentials c2pa-web@0.7.1 Uncontrolled Resource Consumption (DoS) CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-47938 Jun 09, 2026
Adobe Campaign Classic <=7.4.3 SSRF may lead to code exec Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in privilege escalation. Exploitation of this issue does not require user interaction. Scope is changed.
CVE-2026-48303 Jun 09, 2026
Adobe Campaign Classic <7.4.3 Build 9394: Auth Bypass for Arbitrary Code Exec Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
CVE-2026-48291 Jun 09, 2026
Adobe Format Plugins <1.1.2 Heap Buffer Overflow Affects Arbitrary Code Exec Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Format Plugins
CVE-2026-48292 Jun 09, 2026
Adobe Format Plugins before 1.1.2 Heap Overflow Causing Arbitrary Code Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Format Plugins
CVE-2026-47929 Jun 09, 2026
Adobe ColdFusion 2023.19/2025.8 Incorrect Auth Arbitrary Code Exec ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction. Scope is changed.
ColdFusion
CVE-2026-47932 Jun 09, 2026
ColdFusion 2023.19/2025.8 Path Traversal (PT) Bypass - Adobe ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restrictions. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
ColdFusion
CVE-2026-47960 Jun 09, 2026
ColdFusion XXE in XML Parser (before 2025.8) ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
ColdFusion
CVE-2026-47928 Jun 09, 2026
Adobe ColdFusion Improper Input Validation (Exec) <2025.8, 2023.19, earlier ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
ColdFusion
CVE-2026-47931 Jun 09, 2026
ColdFusion Improper Input Validation 2023.19/2025.8 Arbitrary Code Execution ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability to execute arbitrary code. Exploitation of this issue does not require user interaction. Scope is changed.
ColdFusion
CVE-2026-47930 Jun 09, 2026
CVE-2026-47930: ColdFusion <2026 Improper Input Validation Bypass ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue does not require user interaction.
ColdFusion
CVE-2026-47933 Jun 09, 2026
ColdFusion <= 2025.8 Stored XSS in form fields ColdFusion versions 2023.19, 2025.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.
ColdFusion
CVE-2026-47937 Jun 09, 2026
U.S.P.E. in Adobe Acrobat Reader 24.001.30365/26.001.21651 & prior Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability to execute arbitrary code. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
Acrobat
Reader
CVE-2026-47916 Jun 09, 2026
Acrobat Reader UAF before 26.001.21651: AAExec via malicious file Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Acrobat
Reader
CVE-2026-47918 Jun 09, 2026
Use-After-Free (UAF) in Adobe Acrobat Reader <=26.001.21651 Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Acrobat
Reader
CVE-2026-47915 Jun 09, 2026
Acrobat Reader <24.001.30365/26.001.21651: UAF Arbitrary Exec Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Acrobat
Reader
CVE-2026-47952 Jun 09, 2026
Heap-based Buffer Overflow in Acrobat Reader before 26.001.21652 Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Acrobat
Reader
CVE-2026-47923 Jun 09, 2026
Acrobat Reader OOB Read v24-26 Disclosed Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Acrobat
Reader
CVE-2026-47917 Jun 09, 2026
Adobe Acrobat Reader UAF 24/26, Arbitrary Code Execution Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Acrobat
Reader
CVE-2026-47955 Jun 09, 2026
Acrobat Reader 24.001.30365 & 26.001.21651 Use After Free RCE Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Acrobat
Reader
CVE-2026-47924 Jun 09, 2026
Acrobat Reader UEFAF Vulnerability <26.001.21651 Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Acrobat
Reader
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.