adobe security advisories
47 threat alerts tracking vulnerabilities and security advisories that affect adobe products.
Vulnios monitors adobe CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent adobe security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2023-4661 — adobe — connect
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection. This issue affects Saphira Connect: before 9.
criticalCVE-2023-4661Critical Vulnerability: CVE-2023-4662 — adobe — connect
Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion. This issue affects Saphira Connect: before 9.
criticalCVE-2023-4662Critical Vulnerability: CVE-2016-7866 — adobe — animate
Adobe Animate versions 15.2.1.95 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
criticalCVE-2016-7866Critical Vulnerability: CVE-2016-7856 — adobe — dng_converter
Adobe DNG Converter versions 9.7 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
criticalCVE-2016-7856Critical Vulnerability: CVE-2016-6980 — adobe — digital_editions
Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4263.
criticalCVE-2016-6980Critical Vulnerability: CVE-2016-4256 — adobe — digital_editions
Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4257, C
criticalCVE-2016-4256Critical Vulnerability: CVE-2016-4261 — adobe — digital_editions
Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, C
criticalCVE-2016-4261Critical Vulnerability: CVE-2016-4259 — adobe — digital_editions
Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, C
criticalCVE-2016-4259Critical Vulnerability: CVE-2016-4257 — adobe — digital_editions
Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, C
criticalCVE-2016-4257Critical Vulnerability: CVE-2016-4262 — adobe — digital_editions
Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, C
criticalCVE-2016-4262Critical Vulnerability: CVE-2016-4260 — adobe — digital_editions
Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, C
criticalCVE-2016-4260Critical Vulnerability: CVE-2016-4258 — adobe — digital_editions
Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, C
criticalCVE-2016-4258Critical Vulnerability: CVE-2016-4263 — adobe — digital_editions
Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors.
criticalCVE-2016-4263Critical Vulnerability: CVE-2016-4167 — adobe — dng_software_development_kit
Adobe DNG Software Development Kit (SDK) before 1.4 2016 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
criticalCVE-2016-4167Critical Vulnerability: CVE-2016-4165 — adobe — brackets
The extension manager in Adobe Brackets before 1.7 allows attackers to have an unspecified impact via invalid input.
criticalCVE-2016-4165Critical Vulnerability: CVE-2016-1114 — adobe — coldfusion
Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Com
criticalCVE-2016-1114Critical Vulnerability: CVE-2016-1034 — adobe — creative_cloud
The Sync Process in the JavaScript API for Creative Cloud Libraries in Adobe Creative Cloud Desktop Application before 3.6.0.244 allows remote attackers to read or write to arbitrary files via unspeci
criticalCVE-2016-1034Critical Vulnerability: CVE-2016-0954 — adobe — digital_editions
Adobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
criticalCVE-2016-0954Critical Vulnerability: CVE-2016-0949 — adobe — connect
Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL.
criticalCVE-2016-0949Critical Vulnerability: CVE-2017-16398 — adobe — acrobat, acrobat_dc
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. Th
criticalCVE-2017-16398Critical Vulnerability: CVE-2017-11295 — adobe — dng_converter
An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
criticalCVE-2017-11295Critical Vulnerability: CVE-2017-11302 — adobe — indesign
An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
criticalCVE-2017-11302Critical Vulnerability: CVE-2017-11303 — adobe — photoshop
An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution
criticalCVE-2017-11303Critical Vulnerability: CVE-2017-11293 — adobe — acrobat, acrobat_dc
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. An
criticalCVE-2017-11293Critical Vulnerability: CVE-2017-11291 — adobe — connect
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.
criticalCVE-2017-11291Critical Vulnerability: CVE-2017-11304 — adobe — photoshop
An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable use-after-free vulnerability exists. Successful exploitation could lead to arbitrary code execution.
criticalCVE-2017-11304Critical Vulnerability: CVE-2017-11284 — adobe — coldfusion
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
criticalCVE-2017-11284Critical Vulnerability: CVE-2017-11283 — adobe — coldfusion
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
criticalCVE-2017-11283Critical Vulnerability: CVE-2017-3108 — adobe — experience_manager
Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability.
criticalCVE-2017-3108Critical Vulnerability: CVE-2017-11274 — adobe — digital_editions
Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
criticalCVE-2017-11274Critical Vulnerability: CVE-2017-3096 — adobe — digital_editions
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the character code mapping module. Successful exploitation could lead to arbitrary code executi
criticalCVE-2017-3096Critical Vulnerability: CVE-2017-3097 — adobe — digital_editions
Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading functions in the installer plugin. A successful
criticalCVE-2017-3097Critical Vulnerability: CVE-2017-3095 — adobe — digital_editions
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF parsing engine. Successful exploitation could lead to arbitrary code execution.
criticalCVE-2017-3095Critical Vulnerability: CVE-2017-3092 — adobe — digital_editions
Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of editor control library functions in the insta
criticalCVE-2017-3092Critical Vulnerability: CVE-2017-3086 — adobe — shockwave_player
Adobe Shockwave versions 12.2.8.198 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
criticalCVE-2017-3086Critical Vulnerability: CVE-2017-3090 — adobe — digital_editions
Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of browser related library extensions in the ins
criticalCVE-2017-3090Critical Vulnerability: CVE-2017-3089 — adobe — digital_editions
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF imaging model. Successful exploitation could lead to arbitrary code execution.
criticalCVE-2017-3089Critical Vulnerability: CVE-2017-3094 — adobe — digital_editions
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF processing engine. Successful exploitation could lead to arbitrary code execution.
criticalCVE-2017-3094Critical Vulnerability: CVE-2017-3093 — adobe — digital_editions
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the bitmap representation module. Successful exploitation could lead to arbitrary code executio
criticalCVE-2017-3093Critical Vulnerability: CVE-2017-3088 — adobe — digital_editions
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF runtime engine. Successful exploitation could lead to arbitrary code execution.
criticalCVE-2017-3088Critical Vulnerability: CVE-2017-3098 — adobe — captivate
Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server.
criticalCVE-2017-3098Critical Vulnerability: CVE-2017-3083 — adobe — flash_player
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the Primetime SDK functionality related to the profile metadata of the media stream. Successful e
criticalCVE-2017-3083Critical Vulnerability: CVE-2017-3084 — adobe — flash_player
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the advertising metadata functionality. Successful exploitation could lead to arbitrary code exec
criticalCVE-2017-3084Critical Vulnerability: CVE-2017-2989 — adobe — campaign
Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database.
criticalCVE-2017-2989Critical Vulnerability: CVE-2017-2973 — adobe — digital_editions
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
criticalCVE-2017-2973Critical Vulnerability: CVE-2017-2968 — adobe — campaign
Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability.
criticalCVE-2017-2968Critical Vulnerability: CVE-2025-54236 — adobe — commerce, commerce_b2b
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this t
criticalCVE-2025-54236
Track adobe exposure across your environment
Vulnios automatically cross-references your asset inventory against new adobe CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan