Search Results (7312 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5200 1 Adobe 1 Breeze Licensed Server 2026-04-23 N/A
Unspecified vulnerability in Adobe Breeze 5 Licensed Server and Breeze 5.1 Licensed Server allows attackers to read arbitrary files via unknown vectors related to "URL parsing."
CVE-2007-1874 1 Adobe 1 Coldfusion 2026-04-23 N/A
Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/.
CVE-2009-2990 2 Adobe, Redhat 3 Acrobat, Acrobat Reader, Rhel Extras 2026-04-23 N/A
Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.
CVE-2009-3958 4 Adobe, Apple, Microsoft and 1 more 5 Acrobat, Acrobat Reader, Mac Os X and 2 more 2026-04-23 N/A
Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters.
CVE-2009-3796 2 Adobe, Redhat 3 Adobe Air, Flash Player, Rhel Extras 2026-04-23 N/A
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."
CVE-2009-3797 2 Adobe, Redhat 3 Adobe Air, Flash Player, Rhel Extras 2026-04-23 N/A
Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
CVE-2008-4820 2 Adobe, Microsoft 2 Flash Player, Windows 2026-04-23 N/A
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player 9.0.124.0 and earlier on Windows allows attackers to obtain sensitive information via unknown vectors.
CVE-2026-34617 3 Adobe, Apple, Microsoft 5 Adobe Connect, Connect, Connect Desktop Application and 2 more 2026-04-22 8.7 High
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
CVE-2026-34614 3 Adobe, Apple, Microsoft 5 Adobe Connect, Connect, Connect Desktop Application and 2 more 2026-04-22 6.1 Medium
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed.
CVE-2026-21331 3 Adobe, Apple, Microsoft 5 Adobe Connect, Connect, Connect Desktop Application and 2 more 2026-04-22 6.1 Medium
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed.
CVE-2025-27203 1 Adobe 1 Connect Desktop Application 2026-04-22 9.6 Critical
Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does require user interaction and scope is changed.
CVE-2025-54236 1 Adobe 3 Commerce, Commerce B2b, Magento 2026-04-22 9.1 Critical
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
CVE-2026-34632 1 Adobe 1 Adobe Photoshop Installer 2026-04-22 8.2 High
Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search path used by the application to locate critical resources, potentially causing unauthorized code execution. Exploitation of this issue required user interaction in that a user had to be running the installer.
CVE-2026-34621 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2026-04-22 8.6 High
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2009-1862 2 Adobe, Redhat 4 Acrobat, Acrobat Reader, Flash Player and 1 more 2026-04-22 7.8 High
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.
CVE-2009-0927 2 Adobe, Redhat 2 Acrobat Reader, Rhel Extras 2026-04-22 8.8 High
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.
CVE-2008-2992 3 Adobe, Oracle, Redhat 4 Acrobat, Acrobat Reader, Solaris and 1 more 2026-04-22 7.8 High
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
CVE-2016-0984 6 Adobe, Apple, Google and 3 more 12 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 9 more 2026-04-22 8.8 High
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0983.
CVE-2015-8651 9 Adobe, Apple, Google and 6 more 23 Air, Air Sdk, Air Sdk \& Compiler and 20 more 2026-04-22 8.8 High
Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2015-7645 7 Adobe, Apple, Linux and 4 more 14 Flash Player, Mac Os X, Linux Kernel and 11 more 2026-04-22 7.8 High
Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.