Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-48316 | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | 10.0 | 1.40% | 2026-07-06 | 2026-07-07 |
| CVE-2026-48303 | Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | 10.0 | 0.55% | 2026-06-09 | 2026-06-17 |
| CVE-2026-48286 | Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | 10.0 | 0.71% | 2026-06-30 | 2026-07-01 |
| CVE-2026-48283 | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | 10.0 | 0.63% | 2026-06-30 | 2026-07-01 |
| CVE-2026-48282 KEV | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | 10.0 | 1.02% | 2026-06-30 | 2026-07-08 |
| CVE-2026-48281 | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | 10.0 | 0.85% | 2026-06-30 | 2026-07-01 |
| CVE-2026-48277 | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | 10.0 | 0.85% | 2026-06-30 | 2026-07-01 |
| CVE-2026-48276 | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | 10.0 | 0.92% | 2026-06-30 | 2026-07-01 |
| CVE-2026-47938 | Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in privilege escalation. Exploitation of this issue does not require user interaction. Scope is changed. | 10.0 | 0.45% | 2026-06-09 | 2026-06-17 |
| CVE-2025-54261 | ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution by an attacker. The victim must have optional configurations enabled. Scope is changed. | 10.0 | 19.93% | 2025-09-09 | 2026-06-17 |
| CVE-2025-54253 KEV | Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed. | 10.0 | 87.52% | 2025-08-05 | 2026-06-17 |
| CVE-2024-30299 | Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction. | 10.0 | 1.05% | 2024-06-13 | 2026-06-17 |
| CVE-2022-35698 | Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution. | 10.0 | 9.72% | 2022-10-14 | 2026-06-17 |
| CVE-2018-4872 | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is a security bypass vulnerability that leads to a sandbox escape. Specifically, the vulnerability exists in the way a cross call is handled. | 10.0 | 11.73% | 2018-02-27 | 2026-06-16 |
| CVE-2017-3088 | Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF runtime engine. Successful exploitation could lead to arbitrary code execution. | 10.0 | 6.15% | 2017-06-20 | 2026-06-16 |
| CVE-2017-11291 | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls. | 10.0 | 5.55% | 2017-12-09 | 2026-06-16 |
| CVE-2016-1044 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1062, and CVE-2016-1117. | 10.0 | 6.91% | 2016-05-11 | 2026-06-16 |
| CVE-2016-1041 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, and CVE-2016-1117. | 10.0 | 6.29% | 2016-05-11 | 2026-06-16 |
| CVE-2016-1038 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, and CVE-2016-1117. | 10.0 | 6.97% | 2016-05-11 | 2026-06-16 |
| CVE-2015-8459 | Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8460, CVE-2015-8636, and CVE-2015-8645. | 10.0 | 6.12% | 2015-12-28 | 2026-06-16 |