Vulnerabilidades en Adobe

4483 resultados
Análisis Vexday

Com 4.472 CVEs catalogadas e 237 surgidas nos últimos 90 dias, a superfície de ataque do portfólio Adobe apresenta volume expressivo e ritmo contínuo de descobertas. A taxa de exploração ativa — 18 entradas no CISA KEV — está em linha com a média geral do catálogo, mas o EPSS de 0,9999 associado à CVE-2024-34102 indica probabilidade máxima de exploração para essa vulnerabilidade específica, exigindo atenção imediata de equipes de resposta. O tipo de falha mais comum é CWE-79 (Cross-Site Scripting), o que sugere fragilidades persistentes na sanitização de entrada em componentes voltados à renderização de conteúdo. A existência de 30 CVEs com prova de conceito pública, combinada a 105 de severidade crítica, reforça a necessidade de priorização rigorosa no ciclo de patching para produtos Adobe em ambientes expostos.

CVE-2021-40767MEDIUMAdobe Character Animator Memory Corruption could lead to Application denial-of-serviceEPSS 1.1%CVE-2021-40714MEDIUMAdobe Experience Manager Reflected Cross Site Scripting via accesskey parameterEPSS 1.1%CVE-2024-39397CRITICALAdobe Commerce | Unrestricted Upload of File with Dangerous Type (CWE-434)EPSS 1.1%CVE-2021-21057MEDIUMAcrobat Reader DC Invalid Memory Read Due To An Uninitialized PointerEPSS 1.1%CVE-2022-42344HIGH[CVE-2021-36032] Magento IDOR Leads to Account TakeoverEPSS 1.1%CVE-2021-28579MEDIUMAdobe Connect improper access control could lead to privilege escalationEPSS 1.1%CVE-2025-49542MEDIUMColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)EPSS 1.1%CVE-2021-21078MEDIUMAdobe Creative Cloud Unquoted Service Path in CCXProcessEPSS 1.1%CVE-2024-45115CRITICALAdobe Commerce | Improper Authentication (CWE-287)EPSS 1.1%CVE-2021-43761HIGHAdobe Experience Manager Stored XSS on Edit Tag page via Localization inputEPSS 1.1%CVE-2024-20738CRITICALAdobe FrameMaker Publishing Server Authentication Bypass Vulnerability | CVE-2023-44324 bypassEPSS 1.1%CVE-2024-30299CRITICALTenable Vulnerability Disclosure | API Auth BypassEPSS 1.1%CVE-2025-61811CRITICALColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)EPSS 1.0%CVE-2020-9672HIGHAdobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vuEPSS 1.0%CVE-2020-9673HIGHAdobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vuEPSS 1.0%CVE-2021-28628MEDIUMAdobe Experience Manager Cross-site Scripting vulnerability in inbox render.jspEPSS 1.0%CVE-2021-28625MEDIUMAdobe Experience Manager Cross-site Scripting vulnerability in inbox workitem.jspEPSS 1.0%CVE-2024-20759HIGHAdobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)EPSS 1.0%CVE-2026-48282CRITICALColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)EPSS 1.0%CVE-2024-43729MEDIUMAdobe Experience Manager | Improper Authorization (CWE-285)EPSS 1.0%