KEV category

PDF tool KEV entries — Adobe Acrobat and Reader

Vulnerabilities being actively exploited in Adobe Acrobat and Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF can run attacker code in the user's session and pivot to file shares or email. Updated daily from the CISA KEV catalog.

Updated 17 hours ago. 79 entries in this category. All SMB-relevant entries.

CVE-2009-3459Plan to patch
Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability which could allow remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption.
Added to KEV May 20, 2026 · Adobe Acrobat and Reader
CVE-2020-9715Plan to patch
Adobe Acrobat Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat contains a use-after-free vulnerability that allows for code execution
Added to KEV Apr 13, 2026 · Adobe Acrobat
CVE-2026-34621Plan to patch
Adobe Acrobat and Reader Prototype Pollution Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution.
Added to KEV Apr 13, 2026 · Adobe Acrobat and Reader
CVE-2025-54236Patch this week
Adobe Commerce and Magento Improper Input Validation Vulnerability
Affects anyone running Adobe Commerce and Magento. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.
Added to KEV Oct 24, 2025 · Adobe Commerce and Magento
CVE-2025-54253Patch this week
Adobe Experience Manager Forms Code Execution Vulnerability
Affects anyone running Adobe Experience Manager (AEM) Forms. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Experience Manager Forms in JEE contains an unspecified vulnerability that allows for arbitrary code execution.
Added to KEV Oct 15, 2025 · Adobe Experience Manager (AEM) Forms
CVE-2017-3066Patch this week
Adobe ColdFusion Deserialization Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution.
Added to KEV Feb 24, 2025 · Adobe ColdFusion
CVE-2024-20767Plan to patch
Adobe ColdFusion Improper Access Control Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.
Added to KEV Dec 16, 2024 · Adobe ColdFusion
CVE-2013-0648Plan to patch
Adobe Flash Player Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content.
Added to KEV Sep 17, 2024 · Adobe Flash Player
CVE-2013-0643Plan to patch
Adobe Flash Player Incorrect Default Permissions Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content.
Added to KEV Sep 17, 2024 · Adobe Flash Player
CVE-2014-0497Patch this week
Adobe Flash Player Integer Underflow Vulnerablity
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code.
Added to KEV Sep 17, 2024 · Adobe Flash Player
CVE-2014-0502Plan to patch
Adobe Flash Player Double Free Vulnerablity
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code.
Added to KEV Sep 17, 2024 · Adobe Flash Player
CVE-2024-34102Patch this week
Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability
Affects anyone running Adobe Commerce and Magento Open Source. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.
Added to KEV Jul 17, 2024 · Adobe Commerce and Magento Open Source
CVE-2023-29300Known ransomware usePatch now
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
Added to KEV Jan 8, 2024 · Adobe ColdFusion
CVE-2023-38203Known ransomware usePatch now
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
Added to KEV Jan 8, 2024 · Adobe ColdFusion
CVE-2023-21608Plan to patch
Adobe Acrobat and Reader Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user.
Added to KEV Oct 10, 2023 · Adobe Acrobat and Reader
CVE-2023-26369Plan to patch
Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution.
Added to KEV Sep 14, 2023 · Adobe Acrobat and Reader
CVE-2023-26359Patch this week
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user.
Added to KEV Aug 21, 2023 · Adobe ColdFusion
CVE-2023-29298Plan to patch
Adobe ColdFusion Improper Access Control Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.
Added to KEV Jul 20, 2023 · Adobe ColdFusion
CVE-2023-38205Plan to patch
Adobe ColdFusion Improper Access Control Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.
Added to KEV Jul 20, 2023 · Adobe ColdFusion
CVE-2023-26360Plan to patch
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution.
Added to KEV Mar 15, 2023 · Adobe ColdFusion
CVE-2018-4990Plan to patch
Adobe Acrobat and Reader Double Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader have a double free vulnerability that could lead to remote code execution.
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader
CVE-2012-5054Plan to patch
Adobe Flash Player Integer Overflow Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments.
Added to KEV Jun 8, 2022 · Adobe Flash Player
CVE-2012-0767Monitor
Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML.
Added to KEV Jun 8, 2022 · Adobe Flash Player
CVE-2012-0754Plan to patch
Adobe Flash Player Memory Corruption Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Flash Player
CVE-2011-2462Patch this week
Adobe Reader and Acrobat Universal 3D Memory Corruption Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
The Universal 3D (U3D) component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Reader and Acrobat
CVE-2011-0609Plan to patch
Adobe Flash Player Unspecified Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Flash Player
CVE-2010-2883Plan to patch
Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader
CVE-2010-1297Plan to patch
Adobe Flash Player Memory Corruption Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Flash Player
CVE-2009-4324Plan to patch
Adobe Acrobat and Reader Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader
CVE-2009-1862Plan to patch
Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader, Flash Player
CVE-2008-0655Plan to patch
Adobe Acrobat and Reader Unspecified Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times.
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader
CVE-2007-5659Plan to patch
Adobe Acrobat and Reader Buffer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader
CVE-2009-3953Plan to patch
Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader
CVE-2016-1010Plan to patch
Adobe Flash Player and AIR Integer Overflow Vulnerability
Affects anyone running Adobe Flash Player and AIR. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Integer overflow vulnerability in Adobe Flash Player and AIR allows attackers to execute code.
Added to KEV May 25, 2022 · Adobe Flash Player and AIR
CVE-2016-0984Plan to patch
Adobe Flash Player and AIR Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player and AIR. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code.
Added to KEV May 25, 2022 · Adobe Flash Player and AIR
CVE-2015-0310Plan to patch
Adobe Flash Player ASLR Bypass Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player does not properly restrict discovery of memory addresses, which allows attackers to bypass the address space layout randomization (ASLR) protection mechanism.
Added to KEV May 25, 2022 · Adobe Flash Player
CVE-2015-8651Plan to patch
Adobe Flash Player Integer Overflow Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Integer overflow in Adobe Flash Player allows attackers to execute code.
Added to KEV May 25, 2022 · Adobe Flash Player
CVE-2014-8439Plan to patch
Adobe Flash Player Dereferenced Pointer Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution.
Added to KEV May 25, 2022 · Adobe Flash Player
CVE-2014-0546Patch this week
Adobe Reader and Acrobat Sandbox Bypass Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Reader and Acrobat on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context.
Added to KEV May 25, 2022 · Adobe Reader and Acrobat
CVE-2018-5002Plan to patch
Adobe Flash Player Stack-based Buffer Overflow Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player have a stack-based buffer overflow vulnerability that could lead to remote code execution.
Added to KEV May 23, 2022 · Adobe Flash Player
CVE-2015-5123Patch this week
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-5122Patch this week
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-0313Patch this week
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-0311Patch this week
Adobe Flash Player Remote Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2014-9163Plan to patch
Adobe Flash Player Stack-Based Buffer Overflow Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely.
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-3113Patch this week
Adobe Flash Player Heap-Based Buffer Overflow Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2013-2729Patch this week
Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code.
Added to KEV Mar 28, 2022 · Adobe Reader and Acrobat
CVE-2012-2034Plan to patch
Adobe Flash Player Memory Corruption Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS).
Added to KEV Mar 28, 2022 · Adobe Flash Player
CVE-2016-7892Plan to patch
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class.
Added to KEV Mar 25, 2022 · Adobe Flash Player
CVE-2016-4171Patch this week
Adobe Flash Player Remote Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Unspecified vulnerability in Adobe Flash Player allows for remote code execution.
Added to KEV Mar 25, 2022 · Adobe Flash Player
CVE-2010-2861Known ransomware usePatch now
Adobe ColdFusion Directory Traversal Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.
Added to KEV Mar 25, 2022 · Adobe ColdFusion
CVE-2009-0927Plan to patch
Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code.
Added to KEV Mar 25, 2022 · Adobe Reader and Acrobat
CVE-2013-0631Plan to patch
Adobe ColdFusion Information Disclosure Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server.
Added to KEV Mar 7, 2022 · Adobe ColdFusion
CVE-2013-0629Plan to patch
Adobe ColdFusion Directory Traversal Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories.
Added to KEV Mar 7, 2022 · Adobe ColdFusion
CVE-2013-0625Patch this week
Adobe ColdFusion Authentication Bypass Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.
Added to KEV Mar 7, 2022 · Adobe ColdFusion
CVE-2009-3960Known ransomware usePatch now
Adobe BlazeDS Information Disclosure Vulnerability
Affects anyone running Adobe BlazeDS. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure.
Added to KEV Mar 7, 2022 · Adobe BlazeDS
CVE-2016-7855Plan to patch
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2017-11292Plan to patch
Adobe Flash Player Type Confusion Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2016-4117Patch this week
Adobe Flash Player Arbitrary Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2016-1019Known ransomware usePatch now
Adobe Flash Player Arbitrary Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2015-5119Patch this week
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2015-3043Patch this week
Adobe Flash Player Memory Corruption Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2014-0496Plan to patch
Adobe Reader and Acrobat Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution.
Added to KEV Mar 3, 2022 · Adobe Reader and Acrobat
CVE-2013-3346Patch this week
Adobe Reader and Acrobat Memory Corruption Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service.
Added to KEV Mar 3, 2022 · Adobe Reader and Acrobat
CVE-2013-0641Plan to patch
Adobe Reader Buffer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Adobe Reader
CVE-2013-0640Plan to patch
Adobe Reader and Acrobat Memory Corruption Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
An memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Adobe Reader and Acrobat
CVE-2013-0632Patch this week
Adobe ColdFusion Authentication Bypass Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access.
Added to KEV Mar 3, 2022 · Adobe ColdFusion
CVE-2012-1535Plan to patch
Adobe Flash Player Arbitrary Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2011-0611Plan to patch
Adobe Flash Player Remote Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2010-0188Known ransomware usePatch now
Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code.
Added to KEV Mar 3, 2022 · Adobe Reader and Acrobat
CVE-2008-2992Known ransomware usePatch now
Adobe Reader and Acrobat Input Validation Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.
Added to KEV Mar 3, 2022 · Adobe Acrobat and Reader
CVE-2015-7645Known ransomware usePatch now
Adobe Flash Player Arbitrary Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2022-24086Patch this week
Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability
Affects anyone running Adobe Commerce and Magento Open Source. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.
Added to KEV Feb 15, 2022 · Adobe Commerce and Magento Open Source
CVE-2018-15982Known ransomware usePatch now
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free Vulnerability
Added to KEV Feb 15, 2022 · Adobe Flash Player
CVE-2021-21017Plan to patch
Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Adobe Acrobat and Reader
CVE-2021-28550Plan to patch
Adobe Acrobat and Reader Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Adobe Acrobat and Reader
CVE-2018-4939Patch this week
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution.
Added to KEV Nov 3, 2021 · Adobe ColdFusion
CVE-2018-15961Patch this week
Adobe ColdFusion Unrestricted File Upload Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution.
Added to KEV Nov 3, 2021 · Adobe ColdFusion
CVE-2018-4878Known ransomware usePatch now
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution.
Added to KEV Nov 3, 2021 · Adobe Flash Player

KEV category

PDF tool KEV entries — Adobe Acrobat and Reader

Updated 17 hours ago. 79 entries in this category. All SMB-relevant entries.

CVE-2009-3459Plan to patch
Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability which could allow remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption.
Added to KEV May 20, 2026 · Adobe Acrobat and Reader
CVE-2020-9715Plan to patch
Adobe Acrobat Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat contains a use-after-free vulnerability that allows for code execution
Added to KEV Apr 13, 2026 · Adobe Acrobat
CVE-2026-34621Plan to patch
Adobe Acrobat and Reader Prototype Pollution Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution.
Added to KEV Apr 13, 2026 · Adobe Acrobat and Reader
CVE-2025-54236Patch this week
Adobe Commerce and Magento Improper Input Validation Vulnerability
Affects anyone running Adobe Commerce and Magento. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.
Added to KEV Oct 24, 2025 · Adobe Commerce and Magento
CVE-2025-54253Patch this week
Adobe Experience Manager Forms Code Execution Vulnerability
Affects anyone running Adobe Experience Manager (AEM) Forms. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Experience Manager Forms in JEE contains an unspecified vulnerability that allows for arbitrary code execution.
Added to KEV Oct 15, 2025 · Adobe Experience Manager (AEM) Forms
CVE-2017-3066Patch this week
Adobe ColdFusion Deserialization Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution.
Added to KEV Feb 24, 2025 · Adobe ColdFusion
CVE-2024-20767Plan to patch
Adobe ColdFusion Improper Access Control Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.
Added to KEV Dec 16, 2024 · Adobe ColdFusion
CVE-2013-0648Plan to patch
Adobe Flash Player Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content.
Added to KEV Sep 17, 2024 · Adobe Flash Player
CVE-2013-0643Plan to patch
Adobe Flash Player Incorrect Default Permissions Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content.
Added to KEV Sep 17, 2024 · Adobe Flash Player
CVE-2014-0497Patch this week
Adobe Flash Player Integer Underflow Vulnerablity
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code.
Added to KEV Sep 17, 2024 · Adobe Flash Player
CVE-2014-0502Plan to patch
Adobe Flash Player Double Free Vulnerablity
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code.
Added to KEV Sep 17, 2024 · Adobe Flash Player
CVE-2024-34102Patch this week
Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability
Affects anyone running Adobe Commerce and Magento Open Source. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.
Added to KEV Jul 17, 2024 · Adobe Commerce and Magento Open Source
CVE-2023-29300Known ransomware usePatch now
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
Added to KEV Jan 8, 2024 · Adobe ColdFusion
CVE-2023-38203Known ransomware usePatch now
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
Added to KEV Jan 8, 2024 · Adobe ColdFusion
CVE-2023-21608Plan to patch
Adobe Acrobat and Reader Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user.
Added to KEV Oct 10, 2023 · Adobe Acrobat and Reader
CVE-2023-26369Plan to patch
Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution.
Added to KEV Sep 14, 2023 · Adobe Acrobat and Reader
CVE-2023-26359Patch this week
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user.
Added to KEV Aug 21, 2023 · Adobe ColdFusion
CVE-2023-29298Plan to patch
Adobe ColdFusion Improper Access Control Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.
Added to KEV Jul 20, 2023 · Adobe ColdFusion
CVE-2023-38205Plan to patch
Adobe ColdFusion Improper Access Control Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.
Added to KEV Jul 20, 2023 · Adobe ColdFusion
CVE-2023-26360Plan to patch
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution.
Added to KEV Mar 15, 2023 · Adobe ColdFusion
CVE-2018-4990Plan to patch
Adobe Acrobat and Reader Double Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader have a double free vulnerability that could lead to remote code execution.
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader
CVE-2012-5054Plan to patch
Adobe Flash Player Integer Overflow Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments.
Added to KEV Jun 8, 2022 · Adobe Flash Player
CVE-2012-0767Monitor
Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML.
Added to KEV Jun 8, 2022 · Adobe Flash Player
CVE-2012-0754Plan to patch
Adobe Flash Player Memory Corruption Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Flash Player
CVE-2011-2462Patch this week
Adobe Reader and Acrobat Universal 3D Memory Corruption Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
The Universal 3D (U3D) component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Reader and Acrobat
CVE-2011-0609Plan to patch
Adobe Flash Player Unspecified Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Flash Player
CVE-2010-2883Plan to patch
Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader
CVE-2010-1297Plan to patch
Adobe Flash Player Memory Corruption Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Flash Player
CVE-2009-4324Plan to patch
Adobe Acrobat and Reader Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader
CVE-2009-1862Plan to patch
Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader, Flash Player
CVE-2008-0655Plan to patch
Adobe Acrobat and Reader Unspecified Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times.
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader
CVE-2007-5659Plan to patch
Adobe Acrobat and Reader Buffer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader
CVE-2009-3953Plan to patch
Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader
CVE-2016-1010Plan to patch
Adobe Flash Player and AIR Integer Overflow Vulnerability
Affects anyone running Adobe Flash Player and AIR. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Integer overflow vulnerability in Adobe Flash Player and AIR allows attackers to execute code.
Added to KEV May 25, 2022 · Adobe Flash Player and AIR
CVE-2016-0984Plan to patch
Adobe Flash Player and AIR Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player and AIR. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code.
Added to KEV May 25, 2022 · Adobe Flash Player and AIR
CVE-2015-0310Plan to patch
Adobe Flash Player ASLR Bypass Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player does not properly restrict discovery of memory addresses, which allows attackers to bypass the address space layout randomization (ASLR) protection mechanism.
Added to KEV May 25, 2022 · Adobe Flash Player
CVE-2015-8651Plan to patch
Adobe Flash Player Integer Overflow Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Integer overflow in Adobe Flash Player allows attackers to execute code.
Added to KEV May 25, 2022 · Adobe Flash Player
CVE-2014-8439Plan to patch
Adobe Flash Player Dereferenced Pointer Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution.
Added to KEV May 25, 2022 · Adobe Flash Player
CVE-2014-0546Patch this week
Adobe Reader and Acrobat Sandbox Bypass Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Reader and Acrobat on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context.
Added to KEV May 25, 2022 · Adobe Reader and Acrobat
CVE-2018-5002Plan to patch
Adobe Flash Player Stack-based Buffer Overflow Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player have a stack-based buffer overflow vulnerability that could lead to remote code execution.
Added to KEV May 23, 2022 · Adobe Flash Player
CVE-2015-5123Patch this week
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-5122Patch this week
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-0313Patch this week
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-0311Patch this week
Adobe Flash Player Remote Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2014-9163Plan to patch
Adobe Flash Player Stack-Based Buffer Overflow Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely.
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-3113Patch this week
Adobe Flash Player Heap-Based Buffer Overflow Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2013-2729Patch this week
Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code.
Added to KEV Mar 28, 2022 · Adobe Reader and Acrobat
CVE-2012-2034Plan to patch
Adobe Flash Player Memory Corruption Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS).
Added to KEV Mar 28, 2022 · Adobe Flash Player
CVE-2016-7892Plan to patch
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class.
Added to KEV Mar 25, 2022 · Adobe Flash Player
CVE-2016-4171Patch this week
Adobe Flash Player Remote Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Unspecified vulnerability in Adobe Flash Player allows for remote code execution.
Added to KEV Mar 25, 2022 · Adobe Flash Player
CVE-2010-2861Known ransomware usePatch now
Adobe ColdFusion Directory Traversal Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.
Added to KEV Mar 25, 2022 · Adobe ColdFusion
CVE-2009-0927Plan to patch
Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code.
Added to KEV Mar 25, 2022 · Adobe Reader and Acrobat
CVE-2013-0631Plan to patch
Adobe ColdFusion Information Disclosure Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server.
Added to KEV Mar 7, 2022 · Adobe ColdFusion
CVE-2013-0629Plan to patch
Adobe ColdFusion Directory Traversal Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories.
Added to KEV Mar 7, 2022 · Adobe ColdFusion
CVE-2013-0625Patch this week
Adobe ColdFusion Authentication Bypass Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.
Added to KEV Mar 7, 2022 · Adobe ColdFusion
CVE-2009-3960Known ransomware usePatch now
Adobe BlazeDS Information Disclosure Vulnerability
Affects anyone running Adobe BlazeDS. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure.
Added to KEV Mar 7, 2022 · Adobe BlazeDS
CVE-2016-7855Plan to patch
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2017-11292Plan to patch
Adobe Flash Player Type Confusion Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2016-4117Patch this week
Adobe Flash Player Arbitrary Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2016-1019Known ransomware usePatch now
Adobe Flash Player Arbitrary Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2015-5119Patch this week
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2015-3043Patch this week
Adobe Flash Player Memory Corruption Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2014-0496Plan to patch
Adobe Reader and Acrobat Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution.
Added to KEV Mar 3, 2022 · Adobe Reader and Acrobat
CVE-2013-3346Patch this week
Adobe Reader and Acrobat Memory Corruption Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service.
Added to KEV Mar 3, 2022 · Adobe Reader and Acrobat
CVE-2013-0641Plan to patch
Adobe Reader Buffer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Adobe Reader
CVE-2013-0640Plan to patch
Adobe Reader and Acrobat Memory Corruption Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
An memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Adobe Reader and Acrobat
CVE-2013-0632Patch this week
Adobe ColdFusion Authentication Bypass Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access.
Added to KEV Mar 3, 2022 · Adobe ColdFusion
CVE-2012-1535Plan to patch
Adobe Flash Player Arbitrary Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2011-0611Plan to patch
Adobe Flash Player Remote Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2010-0188Known ransomware usePatch now
Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code.
Added to KEV Mar 3, 2022 · Adobe Reader and Acrobat
CVE-2008-2992Known ransomware usePatch now
Adobe Reader and Acrobat Input Validation Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.
Added to KEV Mar 3, 2022 · Adobe Acrobat and Reader
CVE-2015-7645Known ransomware usePatch now
Adobe Flash Player Arbitrary Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2022-24086Patch this week
Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability
Affects anyone running Adobe Commerce and Magento Open Source. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.
Added to KEV Feb 15, 2022 · Adobe Commerce and Magento Open Source
CVE-2018-15982Known ransomware usePatch now
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free Vulnerability
Added to KEV Feb 15, 2022 · Adobe Flash Player
CVE-2021-21017Plan to patch
Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Adobe Acrobat and Reader
CVE-2021-28550Plan to patch
Adobe Acrobat and Reader Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Adobe Acrobat and Reader
CVE-2018-4939Patch this week
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution.
Added to KEV Nov 3, 2021 · Adobe ColdFusion
CVE-2018-15961Patch this week
Adobe ColdFusion Unrestricted File Upload Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution.
Added to KEV Nov 3, 2021 · Adobe ColdFusion
CVE-2018-4878Known ransomware usePatch now
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution.
Added to KEV Nov 3, 2021 · Adobe Flash Player