Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-48328

Summary
Assigner-adobe
Assigner Org ID-078d4453-3bcd-4900-85e6-15281da43538
Published At-14 Jul, 2026 | 21:04
Updated At-15 Jul, 2026 | 15:12
Rejected At-
Credits

ColdFusion | Improper Input Validation (CWE-20)

ColdFusion is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. Scope is changed.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:adobe
Assigner Org ID:078d4453-3bcd-4900-85e6-15281da43538
Published At:14 Jul, 2026 | 21:04
Updated At:15 Jul, 2026 | 15:12
Rejected At:
â–¼CVE Numbering Authority (CNA)
ColdFusion | Improper Input Validation (CWE-20)

ColdFusion is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. Scope is changed.

Affected Products
Vendor
Adobe Inc.Adobe
Product
ColdFusion 2025
Default Status
affected
Versions
Affected
  • From 0 through 10 (semver)
Unaffected
  • 11 (semver)
Vendor
Adobe Inc.Adobe
Product
ColdFusion 2023
Default Status
affected
Versions
Affected
  • From 0 through 21 (semver)
Unaffected
  • 22 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-20Improper Input Validation (CWE-20)
Type: CWE
CWE ID: CWE-20
Description: Improper Input Validation (CWE-20)
Metrics
VersionBase scoreBase severityVector
3.17.7HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://helpx.adobe.com/security/products/coldfusion/apsb26-82.html
vendor-advisory
Hyperlink: https://helpx.adobe.com/security/products/coldfusion/apsb26-82.html
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@adobe.com
Published At:14 Jul, 2026 | 21:16
Updated At:15 Jul, 2026 | 18:39

ColdFusion is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. Scope is changed.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.7HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
N/A
Type: Secondary
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update10:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update11:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update12:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update13:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update14:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update15:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update16:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update17:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update18:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update19:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update20:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update21:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update6:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update7:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update8:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update9:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2025
cpe:2.3:a:adobe:coldfusion:2025:-:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2025
cpe:2.3:a:adobe:coldfusion:2025:update1:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2025
cpe:2.3:a:adobe:coldfusion:2025:update10:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2025
cpe:2.3:a:adobe:coldfusion:2025:update2:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2025
cpe:2.3:a:adobe:coldfusion:2025:update3:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2025
cpe:2.3:a:adobe:coldfusion:2025:update4:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2025
cpe:2.3:a:adobe:coldfusion:2025:update5:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2025
cpe:2.3:a:adobe:coldfusion:2025:update6:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2025
cpe:2.3:a:adobe:coldfusion:2025:update7:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2025
cpe:2.3:a:adobe:coldfusion:2025:update8:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2025
cpe:2.3:a:adobe:coldfusion:2025:update9:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Secondarypsirt@adobe.com
CWE ID: CWE-20
Type: Secondary
Source: psirt@adobe.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://helpx.adobe.com/security/products/coldfusion/apsb26-82.htmlpsirt@adobe.com
Vendor Advisory
Hyperlink: https://helpx.adobe.com/security/products/coldfusion/apsb26-82.html
Source: psirt@adobe.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

221Records found

CVE-2011-0593
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-49.54% / 98.77%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0595, and CVE-2011-0600.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xwindowsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-28547
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.50% / 39.69%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 15:45
Updated-23 Apr, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Creative Cloud for macOS Privilege Escalation Vulnerability

Adobe Creative Cloud Desktop Application for macOS version 5.3 (and earlier) is affected by a privilege escalation vulnerability that could allow a normal user to delete the OOBE directory and get permissions of any directory under the administrator authority.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-creative_cloud_desktop_applicationwindowsmacosCreative Cloud (desktop component)
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0626
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-4.94% / 91.18%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0625.

Action-Not Available
Vendor-n/aApple Inc.Oracle CorporationGoogle LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsolariswindowsflash_playerandroidlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0625
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-4.94% / 91.18%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626.

Action-Not Available
Vendor-n/aApple Inc.Oracle CorporationGoogle LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsolariswindowsflash_playerandroidlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0624
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-4.94% / 91.18%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0625, and CVE-2011-0626.

Action-Not Available
Vendor-n/aApple Inc.Oracle CorporationGoogle LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsolariswindowsflash_playerandroidlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-36034
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.1||CRITICAL
EPSS-2.41% / 82.22%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 14:28
Updated-16 Sep, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Magento Commerce Improper Input Validation Could Lead To Remote Code Execution

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution.

Action-Not Available
Vendor-Adobe Inc.
Product-magento_open_sourceadobe_commerceMagento Commerce
CWE ID-CWE-20
Improper Input Validation
CVE-2021-36044
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.01% / 78.70%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 14:32
Updated-16 Sep, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Magento Commerce GraphQL Improper Input Validation Could Lead To Denial Of Service

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-service using a GraphQL field.

Action-Not Available
Vendor-Adobe Inc.
Product-magento_open_sourceadobe_commerceMagento Commerce
CWE ID-CWE-20
Improper Input Validation
CVE-2015-5091
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-4.66% / 90.73%
||
7 Day CHG~0.00%
Published-15 Jul, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service via invalid data.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2026-48288
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-3.5||LOW
EPSS-0.41% / 33.22%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 16:48
Updated-10 Jun, 2026 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Experience Manager | Improper Input Validation (CWE-20)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_managerAdobe Experience Manager
CWE ID-CWE-20
Improper Input Validation
CVE-2005-0492
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-2.6||LOW
EPSS-1.80% / 75.98%
||
7 Day CHG~0.00%
Published-21 Feb, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause a denial of service (application crash) via a PDF file that contains a negative Count value in the root page node.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobat_readern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2026-48352
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-0.41% / 32.99%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:32
Updated-16 Jul, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-20
Improper Input Validation
CVE-2026-48315
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||CRITICAL
EPSS-0.55% / 42.23%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 15:12
Updated-01 Jul, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusion
CWE ID-CWE-20
Improper Input Validation
CVE-2026-48302
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-6.2||MEDIUM
EPSS-0.15% / 4.96%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:32
Updated-16 Jul, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-20
Improper Input Validation
CVE-2026-48334
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||CRITICAL
EPSS-0.43% / 34.59%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:16
Updated-16 Jul, 2026 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator | Improper Input Validation (CWE-20)

Illustrator is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-illustratorwindowsIllustrator Desktop 2025Illustrator Desktop 2026
CWE ID-CWE-20
Improper Input Validation
CVE-2026-48353
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 5.04%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:32
Updated-16 Jul, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-20
Improper Input Validation
CVE-2025-24446
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.1||CRITICAL
EPSS-1.59% / 72.94%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 20:02
Updated-21 Apr, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution. Exploitation of this issue does not require user interaction, but admin panel privileges are required, and scope is changed.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusion
CWE ID-CWE-20
Improper Input Validation
CVE-2026-48289
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-3.5||LOW
EPSS-0.30% / 21.83%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 16:48
Updated-10 Jun, 2026 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Experience Manager | Improper Input Validation (CWE-20)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_managerAdobe Experience Manager
CWE ID-CWE-20
Improper Input Validation
CVE-2026-48281
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-10||CRITICAL
EPSS-0.85% / 54.29%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 15:12
Updated-01 Jul, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusion
CWE ID-CWE-20
Improper Input Validation
CVE-2026-48277
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-10||CRITICAL
EPSS-0.85% / 54.29%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 15:12
Updated-01 Jul, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusion
CWE ID-CWE-20
Improper Input Validation
CVE-2026-48284
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.6||CRITICAL
EPSS-7.94% / 94.08%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:04
Updated-15 Jul, 2026 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ColdFusion | Improper Input Validation (CWE-20)

ColdFusion is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusion 2025ColdFusion 2023
CWE ID-CWE-20
Improper Input Validation
CVE-2026-48351
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-0.41% / 32.99%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:32
Updated-16 Jul, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-20
Improper Input Validation
CVE-2026-48308
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.9||MEDIUM
EPSS-0.15% / 4.27%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:04
Updated-17 Jul, 2026 | 03:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Premiere Pro | Improper Input Validation (CWE-20)

Premiere Pro is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction. Scope is changed.

Action-Not Available
Vendor-Adobe Inc.
Product-premiere_proPremiere
CWE ID-CWE-20
Improper Input Validation
CVE-2026-48312
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-0.16% / 5.42%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:32
Updated-16 Jul, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-20
Improper Input Validation
CVE-2026-47903
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-6.2||MEDIUM
EPSS-0.15% / 4.92%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 21:21
Updated-15 Jun, 2026 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-c2pac2pa-webCAI Content Credentials
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4943
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-6.87% / 93.32%
||
7 Day CHG~0.00%
Published-19 May, 2018 | 17:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an exploitable Same-Origin Method Execution vulnerability. Successful exploitation could lead to JavaScript code execution in the context of the PhoneGap app.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-push_notificationsAdobe PhoneGap Push Plugin 1.8.0 earlier versions
CWE ID-CWE-20
Improper Input Validation
CVE-2026-47928
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.6||CRITICAL
EPSS-8.87% / 94.63%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 20:33
Updated-15 Jun, 2026 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusion
CWE ID-CWE-20
Improper Input Validation
CVE-2026-47909
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-6.3||MEDIUM
EPSS-0.15% / 4.44%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 19:24
Updated-11 Jun, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dreamweaver Desktop | Improper Input Validation (CWE-20)

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Adobe Inc.
Product-macosdreamweaverwindowsDreamweaver Desktop
CWE ID-CWE-20
Improper Input Validation
CVE-2026-47931
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.4||HIGH
EPSS-0.56% / 42.60%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 20:33
Updated-29 Jun, 2026 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability to execute arbitrary code. Exploitation of this issue does not require user interaction. Scope is changed.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusion
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4193
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-5.59% / 92.02%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-shockwave_playern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2026-47930
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.1||HIGH
EPSS-0.39% / 31.33%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 20:33
Updated-15 Jun, 2026 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusion
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4194
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-5.59% / 92.02%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-shockwave_playern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4196
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-5.56% / 91.98%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Shockwave 3d Asset module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-shockwave_playern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-0301
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-5.17% / 91.51%
||
7 Day CHG~0.00%
Published-13 Jan, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 do not properly validate files, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aApple Inc.Linux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-adobe_airmac_os_xadobe_air_sdkwindowsflash_playerlinux_kerneladobe_air_sdk_and_compilern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3629
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-6.77% / 93.24%
||
7 Day CHG~0.00%
Published-06 Oct, 2010 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3620.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobatacrobat_readern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2878
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-5.62% / 92.05%
||
7 Day CHG~0.00%
Published-26 Aug, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a value associated with a buffer seek for a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-shockwave_playern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2877
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-5.62% / 92.05%
||
7 Day CHG~0.00%
Published-26 Aug, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player before 11.5.8.612 does not properly validate a count value in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to IML32X.dll and DIRAPIX.dll.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-shockwave_playern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3624
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-6.68% / 93.15%
||
7 Day CHG~0.00%
Published-06 Oct, 2010 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via a crafted image.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobatacrobat_readern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3626
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-6.98% / 93.42%
||
7 Day CHG~0.00%
Published-06 Oct, 2010 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-2889.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobatacrobat_readern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3620
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-6.98% / 93.42%
||
7 Day CHG~0.00%
Published-06 Oct, 2010 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3629.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobatacrobat_readern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2889
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-27.24% / 97.84%
||
7 Day CHG~0.00%
Published-06 Oct, 2010 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-3626.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobatacrobat_readern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2873
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-6.25% / 92.77%
||
7 Day CHG~0.00%
Published-26 Aug, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-shockwave_playern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2888
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-6.11% / 92.63%
||
7 Day CHG~0.00%
Published-06 Oct, 2010 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in an ActiveX control in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Windows allow attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobatacrobat_readern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3631
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-11.90% / 95.64%
||
7 Day CHG~0.00%
Published-06 Oct, 2010 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobatacrobat_readern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2876
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-6.05% / 92.57%
||
7 Day CHG~0.00%
Published-26 Aug, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player before 11.5.8.612 does not properly validate values associated with buffer-size calculation for a 0xFFFFFFF8 record in a (1) .dir or (2) .dcr Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-shockwave_playern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3098
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-6.93% / 93.38%
||
7 Day CHG~0.00%
Published-20 Jun, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-captivateAdobe Captivate 9 and earlier.
CWE ID-CWE-20
Improper Input Validation
CVE-2017-2989
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.1||CRITICAL
EPSS-3.69% / 88.47%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-campaignAdobe Campaign Build 8770 and earlier.
CWE ID-CWE-20
Improper Input Validation
CVE-2025-21126
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.25% / 16.32%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:10
Updated-03 Mar, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InDesign Desktop | Improper Input Validation (CWE-20)

InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service condition. An attacker could exploit this vulnerability to cause the application to crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft CorporationApple Inc.
Product-macoswindowsindesignInDesign Desktop
CWE ID-CWE-20
Improper Input Validation
CVE-2010-1285
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-4.17% / 89.77%
||
7 Day CHG~0.00%
Published-30 Jun, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified manipulations involving the newclass (0x58) operator and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-2168 and CVE-2010-2201.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xwindowsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-42340
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-33.84% / 98.21%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 19:42
Updated-23 Apr, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe ColdFusion Improper Input Validation Arbitrary file system read

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusion
CWE ID-CWE-20
Improper Input Validation
CVE-2010-0189
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-5.18% / 91.53%
||
7 Day CHG~0.00%
Published-23 Feb, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.

Action-Not Available
Vendor-n/agetPlus (NOS Microsystems Ltd.)Adobe Inc.
Product-download_managergetplus_download_managern/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found