Adobe Security Vulnerabilities (CVEs)
Track 1,271 security vulnerabilities affecting Adobe products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
Adobe Illustrator versions 28.7.8, 29.6.1 and earlier contain a use-after-free vulnerability that could allow attackers to read sensitive memory conte...
Aug 12, 2025CVE-2025-54253 is a critical misconfiguration vulnerability in Adobe Experience Manager Forms that allows unauthenticated attackers to execute arbitra...
Aug 5, 2025This stored XSS vulnerability in Adobe Experience Manager allows low-privileged attackers to inject malicious JavaScript into form fields. When victim...
Aug 5, 2025Adobe Experience Manager versions 6.5.22 and earlier contain a stored Cross-Site Scripting vulnerability in form fields. Low-privileged attackers can ...
Jul 24, 2025This stored XSS vulnerability in Adobe Experience Manager allows low-privileged attackers to inject malicious JavaScript into form fields. When users ...
Jul 24, 2025Adobe Experience Manager versions 6.5.22 and earlier contain a DOM-based Cross-Site Scripting vulnerability that allows low-privileged attackers to ex...
Jul 16, 2025Adobe Framemaker versions 2020.8, 2022.6 and earlier contain a heap-based buffer overflow vulnerability (CWE-122) that could allow arbitrary code exec...
Jul 8, 2025Adobe Framemaker versions 2020.8, 2022.6 and earlier contain an out-of-bounds write vulnerability that could allow attackers to execute arbitrary code...
Jul 8, 2025CVE-2025-47125 is a heap-based buffer overflow vulnerability in Adobe Framemaker that could allow attackers to execute arbitrary code when a user open...
Jul 8, 2025Adobe Framemaker versions 2020.8, 2022.6 and earlier contain an out-of-bounds write vulnerability that could allow attackers to execute arbitrary code...
Jul 8, 2025Adobe Framemaker versions 2020.8, 2022.6 and earlier contain an out-of-bounds write vulnerability that could allow arbitrary code execution when a use...
Jul 8, 2025Adobe Framemaker versions 2020.8, 2022.6 and earlier contain a NULL pointer dereference vulnerability that allows attackers to cause denial-of-service...
Jul 8, 2025Adobe Framemaker versions 2020.8, 2022.6 and earlier contain an uninitialized pointer access vulnerability that could allow arbitrary code execution w...
Jul 8, 2025Adobe Framemaker versions 2020.8, 2022.6 and earlier contain a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary cod...
Jul 8, 2025CVE-2025-47098 is an uninitialized pointer access vulnerability in Adobe InCopy that could allow arbitrary code execution when a user opens a maliciou...
Jul 8, 2025This CVE describes an integer underflow vulnerability in Adobe Illustrator that could allow arbitrary code execution when a user opens a malicious fil...
Jul 8, 2025Adobe Experience Manager versions 6.5.23.0 and earlier contain a deserialization vulnerability that allows unauthenticated attackers to execute arbitr...
Jul 8, 2025Adobe Experience Manager versions 11.4 and earlier contain a stored cross-site scripting vulnerability where low-privileged attackers can inject malic...
Jul 8, 2025Adobe Illustrator versions 28.7.6, 29.5.1 and earlier contain a NULL pointer dereference vulnerability that allows attackers to crash the application ...
Jul 8, 2025Adobe Illustrator versions 28.7.6, 29.5.1 and earlier contain an out-of-bounds write vulnerability that could allow arbitrary code execution when a us...
Jul 8, 2025A stack-based buffer overflow vulnerability in Adobe Illustrator allows arbitrary code execution when a user opens a malicious file. This affects Illu...
Jul 8, 2025Adobe Illustrator versions 28.7.6, 29.5.1 and earlier contain an out-of-bounds write vulnerability that could allow arbitrary code execution when a us...
Jul 8, 2025Adobe InDesign versions 19.5.3 and earlier contain a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code when a u...
Jul 8, 2025Adobe InDesign versions 19.5.3 and earlier contain an out-of-bounds write vulnerability that could allow attackers to execute arbitrary code on a vict...
Jul 8, 2025Adobe InDesign versions 19.5.3 and earlier contain a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code when a u...
Jul 8, 2025Substance3D Stager versions 3.1.2 and earlier contain an out-of-bounds read vulnerability that could allow attackers to read sensitive memory contents...
Jul 8, 2025Adobe Connect versions 24.0 and earlier contain a deserialization vulnerability that allows attackers to execute arbitrary code on affected systems. E...
Jul 8, 2025This stored Cross-Site Scripting (XSS) vulnerability in Adobe ColdFusion allows high-privileged attackers to inject malicious JavaScript into vulnerab...
Jul 8, 2025This stored XSS vulnerability in Adobe ColdFusion allows high-privileged attackers to inject malicious JavaScript into vulnerable form fields. When vi...
Jul 8, 2025This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Adobe ColdFusion that allows high-privilege authenticated attackers to force ...
Jul 8, 2025Adobe ColdFusion contains hard-coded credentials that could allow attackers to escalate privileges without user interaction. This affects ColdFusion 2...
Jul 8, 2025This XXE vulnerability in Adobe ColdFusion allows attackers to bypass security restrictions and access sensitive data or cause denial of service by ex...
Jul 8, 2025This CVE describes an OS command injection vulnerability in Adobe ColdFusion that allows authenticated high-privileged attackers to execute arbitrary ...
Jul 8, 2025This XXE vulnerability in Adobe ColdFusion allows high-privileged attackers to bypass security restrictions and access sensitive information without u...
Jul 8, 2025Substance3D Viewer versions 0.22 and earlier contain a NULL pointer dereference vulnerability that allows attackers to cause denial-of-service by cras...
Jul 8, 2025Adobe Dimension versions 4.1.2 and earlier contain an out-of-bounds read vulnerability that could allow attackers to read sensitive memory contents. T...
Jul 8, 2025This CVE describes an out-of-bounds read vulnerability in Adobe After Effects that could allow an attacker to read sensitive memory contents. Successf...
Jul 8, 2025CVE-2025-21166 is an out-of-bounds write vulnerability in Substance3D Designer that allows arbitrary code execution when a user opens a malicious file...
Jul 8, 2025Substance3D Designer versions 14.1 and earlier contain an out-of-bounds read vulnerability that could allow attackers to read sensitive memory content...
Jul 8, 2025CVE-2025-21164 is an out-of-bounds write vulnerability in Substance3D Designer that allows arbitrary code execution when a user opens a malicious file...
Jul 8, 2025Adobe Commerce has an incorrect authorization vulnerability (CWE-863) that allows attackers to bypass security features and gain limited unauthorized ...
Jun 25, 2025This stored Cross-Site Scripting vulnerability in Adobe Experience Manager allows low-privileged attackers to inject malicious JavaScript into vulnera...
Jun 10, 2025Adobe Experience Manager versions 6.5.22 and earlier contain a stored XSS vulnerability in form fields. Low-privileged attackers can inject malicious ...
Jun 10, 2025A stored Cross-Site Scripting (XSS) vulnerability in Adobe Experience Manager allows low-privileged attackers to inject malicious JavaScript into vuln...
Jun 10, 2025This stored XSS vulnerability in Adobe Experience Manager allows low-privileged attackers to inject malicious JavaScript into form fields. When users ...
Jun 10, 2025This stored Cross-Site Scripting (XSS) vulnerability in Adobe Experience Manager allows low-privileged attackers to inject malicious JavaScript into v...
Jun 10, 2025Adobe Experience Manager versions 6.5.22 and earlier contain a stored Cross-Site Scripting vulnerability that allows low-privileged attackers to injec...
Jun 10, 2025Adobe Experience Manager versions 6.5.22 and earlier contain a stored cross-site scripting vulnerability in form fields. Low-privileged attackers can ...
Jun 10, 2025This stored Cross-Site Scripting (XSS) vulnerability in Adobe Experience Manager allows low-privileged attackers to inject malicious JavaScript into v...
Jun 10, 2025This stored Cross-Site Scripting (XSS) vulnerability in Adobe Experience Manager allows low-privileged attackers to inject malicious JavaScript into v...
Jun 10, 2025Why Monitor Adobe Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 1,271+ known vulnerabilities affecting Adobe products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Adobe packages in under 60 seconds. No agents required - completely agentless scanning that works across Adobe deployments.
Free vulnerability database: Access detailed information about every Adobe CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Adobe CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
