Adobe Security Vulnerabilities (CVEs)

This CVE describes a Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Adobe Acrobat Reader that could allow local attackers to escal...

Adobe InDesign has a NULL pointer dereference vulnerability that allows attackers to crash the application by tricking users into opening malicious fi...

This CVE describes a Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Adobe Acrobat Reader that could allow arbitrary code execution...

This CVE describes an out-of-bounds read vulnerability in Adobe InDesign that could allow arbitrary code execution when a user opens a malicious file....

Adobe Bridge versions 13.0.8, 14.1.1 and earlier contain an out-of-bounds read vulnerability that could allow attackers to read sensitive memory conte...

CVE-2024-39388 is a use-after-free vulnerability in Adobe Substance3D Stager that could allow arbitrary code execution when a user opens a malicious f...

This CVE describes an out-of-bounds write vulnerability in Adobe InDesign that could allow arbitrary code execution when a user opens a malicious file...

CVE-2024-39383 is a use-after-free vulnerability in Adobe Acrobat Reader that could allow arbitrary code execution when a user opens a malicious PDF f...

Adobe Illustrator versions 28.5, 27.9.4 and earlier contain an out-of-bounds read vulnerability that could allow attackers to read sensitive memory co...

Adobe Illustrator versions 28.5, 27.9.4 and earlier contain a NULL pointer dereference vulnerability that allows attackers to crash the application by...

Adobe Dimension versions 3.4.11 and earlier contain an out-of-bounds read vulnerability that could allow attackers to read sensitive memory contents. ...

Adobe Illustrator versions 28.5, 27.9.4 and earlier contain an out-of-bounds write vulnerability that could allow attackers to execute arbitrary code ...

This CVE describes a Use After Free vulnerability in Adobe Photoshop Desktop that could allow arbitrary code execution when a user opens a malicious f...

Adobe Dimension versions 3.4.11 and earlier contain an out-of-bounds write vulnerability that could allow arbitrary code execution when a user opens a...

Adobe Dimension versions 3.4.11 and earlier contain a use-after-free vulnerability that could allow attackers to execute arbitrary code when a user op...

CVE-2024-39419 is an improper authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures and modif...

CVE-2024-39415 is an improper authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures and acces...

CVE-2024-39417 is an improper authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures and acces...

CVE-2024-39411 is an improper authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures and acces...

Adobe Commerce has an improper authorization vulnerability that allows low-privileged attackers to bypass security features and access minor informati...

Adobe Commerce has an improper authorization vulnerability that allows low-privileged attackers to bypass security features and modify minor informati...

CVE-2024-39407 is an improper authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures and modif...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in Adobe Commerce that allows attackers to bypass security features and make mino...

This CVE describes an OS command injection vulnerability in Adobe Commerce that allows authenticated admin users to execute arbitrary commands on the ...

A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious JavaScript into vulnerable for...

CVE-2024-39399 is a path traversal vulnerability in Adobe Commerce that allows low-privileged attackers to read arbitrary files from the server's file...

CVE-2024-41861 is an out-of-bounds read vulnerability in Adobe Substance3D Sampler that could allow an attacker to read sensitive memory contents. Thi...

CVE-2024-41863 is an out-of-bounds read vulnerability in Adobe Substance3D Sampler that could allow an attacker to read sensitive memory contents when...

CVE-2024-41864 is an out-of-bounds write vulnerability in Substance3D Designer that could allow arbitrary code execution when a user opens a malicious...

CVE-2024-41858 is an integer overflow vulnerability in Adobe InCopy that could allow arbitrary code execution when a user opens a malicious file. This...

A heap-based buffer overflow vulnerability in Adobe InDesign allows arbitrary code execution when a user opens a malicious file. This affects users of...

This CVE describes a NULL pointer dereference vulnerability in Adobe InDesign that allows attackers to cause a denial-of-service by crashing the appli...

This CVE describes an out-of-bounds read vulnerability in Adobe Bridge that could allow an attacker to read sensitive memory contents, potentially byp...

This CVE describes an out-of-bounds write vulnerability in Adobe InDesign that could allow arbitrary code execution when a user opens a malicious file...

A heap-based buffer overflow vulnerability in Adobe InDesign allows arbitrary code execution when a user opens a malicious file. This affects users ru...

This CVE describes an untrusted search path vulnerability in Adobe Premiere Pro that could allow arbitrary code execution. Attackers could exploit thi...

This CVE describes an out-of-bounds read vulnerability in Acrobat for Edge that could allow an attacker to execute arbitrary code in the context of th...

A stored Cross-Site Scripting (XSS) vulnerability in Adobe Experience Manager allows low-privileged attackers to inject malicious JavaScript into vuln...

CVE-2024-34115 is an out-of-bounds write vulnerability in Adobe Substance3D Stager that could allow arbitrary code execution when a user opens a malic...

This path traversal vulnerability in Adobe Acrobat Mobile Sign for Android allows attackers to bypass directory restrictions and access or overwrite f...

This CVE describes an Improper Access Control vulnerability in Adobe ColdFusion that allows unauthenticated attackers to read arbitrary files from the...

Adobe Photoshop Desktop versions 24.7.3, 25.7 and earlier contain an out-of-bounds read vulnerability when parsing malicious files. An attacker could ...

This vulnerability allows high-privilege attackers to upload malicious files to Adobe Commerce systems, potentially leading to arbitrary code executio...

This CVE describes an Improper Authorization vulnerability in Adobe Commerce that allows attackers to bypass security measures without user interactio...

This CVE describes an incorrect authorization vulnerability in Adobe Commerce that allows attackers to bypass security features and perform unauthoriz...

Adobe Audition versions 24.2, 23.6.4 and earlier contain a NULL pointer dereference vulnerability that allows attackers to crash the application by tr...