Filtered by vendor Adobe
Subscriptions
Total
7110 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-21284 | 1 Adobe | 4 Adobe Commerce, Commerce, Commerce B2b and 1 more | 2026-03-20 | 8.1 High |
| Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. | ||||
| CVE-2026-21294 | 1 Adobe | 4 Adobe Commerce, Commerce, Commerce B2b and 1 more | 2026-03-20 | 5.5 Medium |
| Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate server-side requests and bypass security controls. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-21286 | 1 Adobe | 4 Adobe Commerce, Commerce, Commerce B2b and 1 more | 2026-03-20 | 5.3 Medium |
| Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized view access of data. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-21282 | 1 Adobe | 4 Adobe Commerce, Commerce, Commerce B2b and 1 more | 2026-03-20 | 5.3 Medium |
| Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing limited impact to application availability. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-21293 | 1 Adobe | 4 Adobe Commerce, Commerce, Commerce B2b and 1 more | 2026-03-20 | 5.5 Medium |
| Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate server-side requests and access unauthorized resources. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-21291 | 1 Adobe | 4 Adobe Commerce, Commerce, Commerce B2b and 1 more | 2026-03-20 | 4.8 Medium |
| Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. | ||||
| CVE-2026-27224 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2026-03-20 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2026-27248 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2026-03-20 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2026-27228 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2026-03-20 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2026-27266 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2026-03-20 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2026-27229 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2026-03-20 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2026-27230 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2026-03-20 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2026-27231 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2026-03-20 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2026-27234 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2026-03-20 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2026-27264 | 1 Adobe | 1 Adobe Experience Manager | 2026-03-16 | N/A |
| This CVE ID was issued in error by its CVE Numbering Authority. | ||||
| CVE-2026-27263 | 1 Adobe | 1 Adobe Experience Manager | 2026-03-16 | N/A |
| This CVE ID was issued in error by its CVE Numbering Authority. | ||||
| CVE-2026-27261 | 1 Adobe | 1 Adobe Experience Manager | 2026-03-16 | N/A |
| This CVE ID was issued in error by its CVE Numbering Authority. | ||||
| CVE-2026-27260 | 1 Adobe | 1 Adobe Experience Manager | 2026-03-16 | N/A |
| This CVE ID was issued in error by its CVE Numbering Authority. | ||||
| CVE-2026-27259 | 1 Adobe | 1 Adobe Experience Manager | 2026-03-16 | N/A |
| This CVE ID was issued in error by its CVE Numbering Authority. | ||||
| CVE-2025-27172 | 1 Adobe | 1 Substance 3d Designer | 2026-02-26 | 7.8 High |
| Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||