adobe
7,383 tracked vulnerabilities.
CVE-2025-49524
MEDIUM
Adobe Illustrator < 28.7.8 - Denial of Service via NULL Pointer Dereference
Jul 08, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-47136
HIGH
Adobe InDesign < 19.5.4 - Integer Underflow to Arbitrary Code Execution
Jul 08, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-47134
HIGH
Adobe InDesign < 19.5.4 - Heap-based Buffer Overflow via Malicious File
Jul 08, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-47103
HIGH
InDesign < 19.5.4 - Heap-based Buffer Overflow via Malicious File
Jul 08, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-43594
HIGH
InDesign < 19.5.4 - Out-of-bounds Write via Malicious File
Jul 08, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-43592
HIGH
Adobe InDesign < 19.5.4 - Use-After-Free via Malicious File
Jul 08, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-43591
HIGH
InDesign < 19.5.4 - Heap-based Buffer Overflow via Malicious File
Jul 08, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-30313
MEDIUM
Illustrator <29.5.1 - Info Disclosure
Jul 08, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-27203
CRITICAL
Adobe Connect <24.0 - Code Injection
Jul 08, 2025
CVSS 9.6
EPSS 0.01
CVE-2025-27165
MEDIUM
Substance3D - Stager <3.1.2 - Info Disclosure
Jul 08, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-49551
HIGH
Adobe ColdFusion <= 2025.2, <= 2023.14, <= 2021.20 - Use of Hard-coded Credentials
Jul 08, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-49546
LOW
ColdFusion 2025.2 2023.14 2021.20 - Authenticated Partial Denial of Service via Improper Access Control
Jul 08, 2025
CVSS 2.4
EPSS 0.00
CVE-2025-49545
MEDIUM
Adobe ColdFusion <= 2025.2, <= 2023.14, <= 2021.20 - Authenticated Server-Side Request Forgery
Jul 08, 2025
CVSS 6.2
EPSS 0.00
CVE-2025-49544
MEDIUM
ColdFusion <= 2025.2, 2023.14, 2021.20 - Authenticated XML External Entity Injection
Jul 08, 2025
CVSS 6.8
EPSS 0.01
CVE-2025-49543
MEDIUM
Adobe ColdFusion <= 2025.2, <= 2023.14, <= 2021.20 - Stored Cross-Site Scripting in Form Fields
Jul 08, 2025
CVSS 4.3
EPSS 0.01
CVE-2025-49542
MEDIUM
ColdFusion <= 2025.2, <= 2023.14, <= 2021.20 - Unauthenticated Reflected Cross-Site Scripting
Jul 08, 2025
CVSS 5.2
EPSS 0.01
CVE-2025-49541
MEDIUM
ColdFusion <= 2025.2, 2023.14, 2021.20 - Stored Cross-Site Scripting in Form Fields
Jul 08, 2025
CVSS 4.3
EPSS 0.01
CVE-2025-49540
MEDIUM
ColdFusion <= 2025.2, 2023.14, 2021.20 - Stored Cross-Site Scripting in Form Fields
Jul 08, 2025
CVSS 4.3
EPSS 0.01
CVE-2025-49539
MEDIUM
ColdFusion <= 2025.2, 2023.14, 2021.20 - XML External Entity Injection
Jul 08, 2025
CVSS 4.5
EPSS 0.00
CVE-2025-49538
HIGH
ColdFusion <= 2025.2, <= 2023.14, <= 2021.20 - XML Injection via Crafted XML or XPath Queries
Jul 08, 2025
CVSS 7.4
EPSS 0.02
CVE-2025-49537
HIGH
ColdFusion <= 2025.2, 2023.14, 2021.20 - OS Command Injection
Jul 08, 2025
CVSS 7.9
EPSS 0.03
CVE-2025-49536
HIGH
ColdFusion <= 2025.2, 2023.14, 2021.20 - Incorrect Authorization
Jul 08, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-49535
CRITICAL
ColdFusion 2025.2 2023.14 2021.20 - XML External Entity Injection
Jul 08, 2025
CVSS 9.3
EPSS 0.01
CVE-2025-43584
MEDIUM
Substance 3D Viewer < 0.25 - Out-of-bounds Read via Malicious File
Jul 08, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-43583
MEDIUM
Substance 3D Viewer < 0.25 - Denial of Service via NULL Pointer Dereference
Jul 08, 2025
CVSS 5.5
EPSS 0.00
Products
acrobat_dc 1,799
acrobat_reader_dc 1,799
acrobat 1,381
experience_manager 1,148
acrobat_reader 1,085
flash_player 1,084
air 413
air_sdk 409
air_sdk_\&_compiler 365
reader 360
flash_player_desktop_runtime 294
coldfusion 228
indesign 202
commerce 184
experience_manager_cloud_service 183
shockwave_player 174
illustrator 173
magento 161
adobe_air 146
bridge 136
after_effects 125
framemaker 118
dimension 116
commerce_b2b 111
animate 102
adobe_air_sdk 96
photoshop 92
Acrobat Reader 90
air_desktop_runtime 88
substance_3d_stager 87
Quick Filters