Adobe: based in San Jose, best known for creating Photoshop and Acrobat (PDF).
Products by Adobe Sorted by Most Security Vulnerabilities since 2018
Adobe Experience Manager: 1089 vulnerabilities
Adobe Experience Manager (AEM) is a comprehensive content management solution for building websites, mobile apps and forms.
Adobe ColdFusion: 165 vulnerabilities
Web application server since 1995. Tag- or script-based programming language, CFML.
Adobe Creative Cloud Desktop Application: 21 vulnerabilities
The desktop client for Adobe Creative Cloud.
Recent Adobe Security Advisories
| Advisory | Title | Published |
|---|---|---|
| APSB26-39 | Security Updates Available for Adobe Bridge | April 14, 2026 |
| APSB26-32 | Security Update Available for Adobe InDesign | April 14, 2026 |
| APSB26-38 | Security updates available for Adobe ColdFusion | April 14, 2026 |
| APSB26-42 | Security Updates Available for Adobe Illustrator | April 14, 2026 |
| APSB26-34 | Security updates available for Adobe Experience Manager Screens | April 14, 2026 |
| APSB26-37 | Security updates available for Adobe Connect | April 14, 2026 |
| APSB26-36 | Security Updates Available for Adobe Framemaker | April 14, 2026 |
| APSB26-40 | Security updates available for Adobe Photoshop | April 14, 2026 |
| APSB26-44 | Prenotification Security Advisory for Adobe Acrobat and Reader | April 14, 2026 |
| APSB26-41 | Security update available for Adobe DNG Software Development Kit (SDK) | April 14, 2026 |
Known Exploited Adobe Vulnerabilities
The following Adobe vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | CVE | Exploit Probability | Added |
|---|---|---|---|---|
| Adobe Acrobat Use-After-Free Vulnerability | Adobe Acrobat contains a use-after-free vulnerability that allows for code execution. | CVE-2020-9715 | 75.9% | April 13, 2026 |
| Adobe Acrobat and Reader Prototype Pollution Vulnerability | Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution. | CVE-2026-34621 | 6.1% | April 13, 2026 |
| Adobe Commerce and Magento Improper Input Validation Vulnerability | Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API. | CVE-2025-54236 | 70.1% | October 24, 2025 |
| Adobe Experience Manager Forms Code Execution Vulnerability | Adobe Experience Manager Forms in JEE contains an unspecified vulnerability that allows for arbitrary code execution. | CVE-2025-54253 | 15.5% | October 15, 2025 |
| Adobe ColdFusion Deserialization Vulnerability | Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution. | CVE-2017-3066 | 93.7% | February 24, 2025 |
| Adobe ColdFusion Improper Access Control Vulnerability | Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel. | CVE-2024-20767 | 94.0% | December 16, 2024 |
| Adobe Flash Player Double Free Vulnerability | Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code. | CVE-2014-0502 | 89.0% | September 17, 2024 |
| Adobe Flash Player Incorrect Default Permissions Vulnerability | Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content. | CVE-2013-0643 | 57.9% | September 17, 2024 |
| Adobe Flash Player Code Execution Vulnerability | Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content. | CVE-2013-0648 | 54.7% | September 17, 2024 |
| Adobe Flash Player Integer Underflow Vulnerability | Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code. | CVE-2014-0497 | 93.1% | September 17, 2024 |
| Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) V | Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution. | CVE-2024-34102 | 94.1% | July 17, 2024 |
| Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. | CVE-2023-38203 | 94.2% | January 8, 2024 |
| Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. | CVE-2023-29300 | 93.7% | January 8, 2024 |
| Adobe Acrobat and Reader Use-After-Free Vulnerability | Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user. | CVE-2023-21608 | 79.1% | October 10, 2023 |
| Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability | Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution. | CVE-2023-26369 | 0.6% | September 14, 2023 |
| Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user. | CVE-2023-26359 | 85.7% | August 21, 2023 |
| Adobe ColdFusion Improper Access Control Vulnerability | Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. | CVE-2023-29298 | 94.3% | July 20, 2023 |
| Adobe ColdFusion Improper Access Control Vulnerability | Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. | CVE-2023-38205 | 94.2% | July 20, 2023 |
| Adobe ColdFusion Improper Access Control Vulnerability | Adobe ColdFusion contains an improper access control vulnerability that allows for remote code execution. | CVE-2023-26360 | 94.3% | March 15, 2023 |
| Adobe Acrobat and Reader Double Free Vulnerability | Adobe Acrobat and Reader have a double free vulnerability that could lead to remote code execution. | CVE-2018-4990 | 51.5% | June 8, 2022 |
Of the known exploited vulnerabilities above, 12 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 5 known exploited Adobe vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
Top 10 Riskiest Adobe Vulnerabilities
These Adobe vulnerabilities are on CISA's Known Exploited Vulnerabilities (KEV) list and are ranked by their current EPSS exploit probability.
| Rank | CVE | EPSS | Vulnerability |
|---|---|---|---|
| 1 | CVE-2018-15961 | 94.4% | Adobe ColdFusion Remote Code Execution |
| 2 | CVE-2023-26360 | 94.3% | Adobe ColdFusion Improper Access Control Vulnerability |
| 3 | CVE-2023-29298 | 94.3% | Adobe ColdFusion Improper Access Control Vulnerability |
| 4 | CVE-2010-2861 | 94.3% | Adobe ColdFusion Directory Traversal Vulnerability |
| 5 | CVE-2023-38203 | 94.2% | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability |
| 6 | CVE-2023-38205 | 94.2% | Adobe ColdFusion Improper Access Control Vulnerability |
| 7 | CVE-2024-34102 | 94.1% | Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) V |
| 8 | CVE-2024-20767 | 94.0% | Adobe ColdFusion Improper Access Control Vulnerability |
| 9 | CVE-2008-2992 | 93.7% | Adobe Reader and Acrobat Input Validation Vulnerability |
| 10 | CVE-2017-3066 | 93.7% | Adobe ColdFusion Deserialization Vulnerability |
By the Year
In 2026 there have been 209 vulnerabilities in Adobe with an average score of 6.7 out of ten. Last year, in 2025, Adobe had 817 security vulnerabilities published. Right now, Adobe is on track to have fewer security vulnerabilities in 2026 than it did last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.38.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 209 | 6.71 |
| 2025 | 817 | 6.33 |
| 2024 | 753 | 6.20 |
| 2023 | 668 | 6.35 |
| 2022 | 421 | 6.80 |
| 2021 | 323 | 6.73 |
| 2020 | 344 | 7.74 |
| 2019 | 324 | 6.72 |
| 2018 | 94 | 7.91 |
It may take a day or so for new Adobe vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Adobe Security Vulnerabilities
| CVE | Date | Vulnerability | Description |
|---|---|---|---|
| CVE-2026-34632 | Apr 15, 2026 | Adobe Photoshop Installer: USEP Exploit for Code Exec | Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search path used by the application to locate critical resources, potentially causing unauthorized code execution. Exploitation of this issue required user interaction in that a user had to be running the installer. |
| CVE-2026-27297 | Apr 14, 2026 | Adobe Framemaker <2022.8: Integer Underflow Allows Code Execution | Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-27300 | Apr 14, 2026 | Adobe FrameMaker <=2022.8 UIP Access (Memory Exposure) | Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-27296 | Apr 14, 2026 | Adobe FrameMaker <2022.8 Integer Underflow (Wrap) Vulnerability | Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-27290 | Apr 14, 2026 | Adobe FrameMaker Untrusted Search Path <=2022.8 Enables Code Exec | Adobe Framemaker versions 2022.8 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction. |
| CVE-2026-27298 | Apr 14, 2026 | Adobe Framemaker <2023: Type Confusion Arbitrary Code Exec (CVE202627298) | Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-27294 | Apr 14, 2026 | Adobe Framemaker OOB Read in File Parser (2022.8) | Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-27301 | Apr 14, 2026 | Heap Buffer Overflow in Adobe FrameMaker <2022.8 | Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-27295 | Apr 14, 2026 | Adobe Framemaker <=2022.8 OOB Write Leading to Arbitrary Code (File) | Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-27299 | Apr 14, 2026 | Adobe Framemaker 2022.8-: Improper Input Validation Allows File Read | Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to access sensitive files or data on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-27293 | Apr 14, 2026 | Adobe Framemaker 2022.8+ Heap Overflow Arbitrary Code Exec | Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-27292 | Apr 14, 2026 | Adobe Framemaker 2022.8 UAF Arbitrary Code Execution | Adobe Framemaker versions 2022.8 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-34619 | Apr 14, 2026 | ColdFusion Path Traversal (security bypass) before 2023.18 | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restrictions. Exploitation of this issue does not require user interaction. |
| CVE-2026-27308 | Apr 14, 2026 | ColdFusion 2023.18-2025.6 Resource Consumption DoS Vulnerability | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation of this issue does not require user interaction. |
| CVE-2026-27282 | Apr 14, 2026 | ColdFusion Improper Input Validation Bypass Security (2025.6) | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction. |
| CVE-2026-27305 | Apr 14, 2026 | Adobe ColdFusion <2025.6: Path Traversal in File Access | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue does not require user interaction. |
| CVE-2026-27304 | Apr 14, 2026 | Improper Input Validation in Adobe ColdFusion Pre-2025.6 Allows Code Exec | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. |
| CVE-2026-27306 | Apr 14, 2026 | Adobe ColdFusion <2025.6 Improper Input Validation -> AEX CVE-2026-27306 | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Attacker requires elevated privileges. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-27307 | Apr 14, 2026 | ColdFusion UCRV: DDoS via Uncontrolled Resource Consumption (2025.6) | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation of this issue does not require user interaction. |
| CVE-2026-34631 | Apr 14, 2026 | Adobe InCopy OOB Write v<=21.2 (Arbitrary Code Exec) | InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-27287 | Apr 14, 2026 | Adobe InCopy < 21.2: OOB Read in file parsing (CVE-2026-27287) | InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-34630 | Apr 14, 2026 | Adobe Bridge <16.0.2 Heap Buffer Overflow | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-27312 | Apr 14, 2026 | Adobe Bridge <16.0.2, <15.1.4: Heap Buffer Overflow CVE-2026-27312 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-27222 | Apr 14, 2026 | Adobe Bridge <=16.0.2 DIV0 DoS | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or render it unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-27310 | Apr 14, 2026 | Adobe Bridge heap overflow 16.0.2/15.1.4 via malicious file | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-27311 | Apr 14, 2026 | Adobe Bridge <=16.0.2 Heap Overflow CVE-2026-27311 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-27313 | Apr 14, 2026 | Adobe Bridge Heap Buffer Overflow prior to 16.0.2 via malicious file | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-27289 | Apr 14, 2026 | Out-of-Bounds Read in Photoshop Desktop <=27.4, possible code exec | Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-34618 | Apr 14, 2026 | Illustrator 30.2 OOB Write Arbitrary Code Exec | Illustrator versions 30.2, 29.8.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-34625 | Apr 14, 2026 | Adobe Experience Manager 6.5.x FP11.7 DOM XSS | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. |
| CVE-2026-34623 | Apr 14, 2026 | Adobe Experience Manager 6.5.24 FP11.7 DOM XSS before 6.5.25 | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a specially crafted web page. |
| CVE-2026-34624 | Apr 14, 2026 | AEM 6.5.24/FP11.7 DOM XSS via crafted page | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. |
| CVE-2026-27288 | Apr 14, 2026 | Adobe Experience Manager 6.5.24/FP11.7 DOM-XSS Vulnerability | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. |
| CVE-2026-34617 | Apr 14, 2026 | Adobe Connect XSS before 2025.3 Privilege Escalation | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed. |
| CVE-2026-27303 | Apr 14, 2026 | Adobe Connect 12.10, 2025.3 Deser: Untrusted Data Arbitrary Code Exec | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. |
| CVE-2026-21331 | Apr 14, 2026 | Adobe Connect 2025.3/12.10 and below: Reflected XSS (CVE-2026-21331) | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed. |
| CVE-2026-27246 | Apr 14, 2026 | Adobe Connect 2025.3/12.10 DOM-based XSS Vulnerability (CVE-2026-27246) | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed. |
| CVE-2026-34614 | Apr 14, 2026 | Adobe Connect Reflected XSS before 12.10, Scope Changed | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed. |
| CVE-2026-27245 | Apr 14, 2026 | Adobe Connect 2025.3 & 12.10: Reflected XSS (CVE-2026-27245) | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed. |
| CVE-2026-34615 | Apr 14, 2026 | Adobe Connect 12.10/2025.3 Deserialization Exploit | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. |
| CVE-2026-27243 | Apr 14, 2026 | Adobe Connect 12.10 Reflected XSS via URL, Scope Change | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed. |
| CVE-2026-34628 | Apr 14, 2026 | Adobe InDesign Desktop Heap Overflow <21.2 (CVE-2026-34628) | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-34629 | Apr 14, 2026 | Adobe InDesign <=21.2 Heap Buffer Overflow (CVE202634629) | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-34627 | Apr 14, 2026 | Adobe InDesign Heap Buffer Overflow (v20.5.2/21.2) CVE-2026-34627 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-27258 | Apr 14, 2026 | Adobe DNG SDK OOB Write leading to DoS (1.7.12502) | DNG SDK versions 1.7.1 2502 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. An attacker could leverage this vulnerability to corrupt memory, causing the application to crash or become unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-27284 | Apr 14, 2026 | Adobe InDesign OOB Read 20.5.2/21.2 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-27285 | Apr 14, 2026 | Adobe InDesign <=21.2 Heap Buffer Overflow DoS | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or disrupt its functionality. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-27286 | Apr 14, 2026 | Adobe InDesign Desktop Heap Buf Overflow <21.2 - Mem Exposure | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-27283 | Apr 14, 2026 | Adobe InDesign File Parser UA 20.5.2/21.2: Code exec on open | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2026-27238 | Apr 14, 2026 | Adobe InDesign Desktop Heap Overflow <20.5.2/21.2 , Arbitrary Exec | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |