A

Adobe Security Vulnerabilities (CVE)

Explore vulnerabilities and security advisories affecting Adobe products.

35 known CVE vulnerabilities tracked

Critical
3
High
23
Medium
7
Low
2
None
0

Vulnerabilities By Year

1
2009
5
2023
1
2025
28
2026

Products Affected

Framemaker 11 Coldfusion 8 Indesign 6 Connect 5 Acrobat 3 Photoshop 1 Incopy 1

All Adobe CVEs

Recent Highest Score Oldest
CVE-2026-27285
5.5 medium

InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or disrupt its functionality. Exploitation of this issue requires user

Indesign Apr 14, 2026
CVE-2026-27284
7.8 high

InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current

Indesign Apr 14, 2026
CVE-2026-27283
7.8 high

InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Indesign Apr 14, 2026
CVE-2026-27238
7.8 high

InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Indesign Apr 14, 2026
CVE-2025-61813
8.2 high

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the server. Exploitation of

Coldfusion Dec 10, 2025
CVE-2023-4665
8.8 high

Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9.

Connect Sep 15, 2023
CVE-2023-4664
8.8 high

Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9.

Connect Sep 15, 2023
CVE-2023-4663
6.1 medium

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Saphira Connect allows Reflected XSS. This issue affects Saphira Connect: before 9.

Connect Sep 15, 2023
CVE-2023-4662
9.8 critical

Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion. This issue affects Saphira Connect: before 9.

Connect Sep 15, 2023
CVE-2023-4661
9.8 critical

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection. This issue affects Saphira Connect: before 9.

Connect Sep 15, 2023
CVE-2009-3459
8.8 high

Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained f

Acrobat Oct 13, 2009