These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2020-9713 is an out-of-bounds read vulnerability in Adobe Acrobat and Reader that could lead to disclosure of sensitive memory. The vulnerability affects various versions of Adobe Acrobat and Reader, including 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier. An attacker could leverage this vulnerability to disclose sensitive information, requiring [truncated]
CVE-2020-9695 is an out-of-bounds write vulnerability in Adobe Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523, and earlier. The vulnerability could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, as a victim must open a malicious file. The CVSS score for this vulnerability is 7.8, indicatin [truncated]
The Adobe Acrobat PDF Extension for Chrome, versions 26.5.2.2 and earlier, contains a UXSS-class cross-origin data disclosure vulnerability (CVE-2026-48294). This High-severity issue (CVSS score of 7.4) allows attackers to gain access to victim session data by exploiting user interaction, such as visiting malicious URLs or interacting with compromised web pages. Scope change occurs due to successful explo [truncated]
A Heap-based Buffer Overflow vulnerability was discovered in DNG SDK versions 1.7.1 2536 and earlier. This vulnerability, tracked as CVE-2026-47964, could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, as a victim must open a malicious file. The vulnerability has a CVSS score of 7.8 and is classified as HIGH severity.
CVE-2026-47963 is a MEDIUM-severity vulnerability in DNG SDK versions 1.7.1 2536 and earlier. The vulnerability is caused by an out-of-bounds read issue, which could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information, but exploitation requires user interaction, as a victim must open a malicious file. The CVSS score for this vulnerability is 5.5.
CVE-2026-47934 is a MEDIUM-severity vulnerability (CVSS Score: 5.5) affecting DNG SDK versions 1.7.1 2536 and earlier. The vulnerability is caused by an out-of-bounds read issue, which could lead to disclosure of sensitive memory. An attacker would need to trick a victim into opening a malicious file to exploit this issue.
CVE-2026-47927 is a MEDIUM-severity vulnerability (CVSS Score: 5.5) affecting DNG SDK versions 1.7.1 2536 and earlier. The vulnerability is caused by an out-of-bounds read issue, which could lead to disclosure of sensitive memory. An attacker would need to trick a victim into opening a malicious file to exploit this issue.
CVE-2026-47965 is an out-of-bounds write vulnerability in Acrobat Reader versions 24.001.30365, 26.001.21651, and earlier. This vulnerability could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. The CVSS score for this vulnerability is 7.8, and the severity is classified as HIGH.
CVE-2026-47905 is an Uncontrolled Resource Consumption vulnerability affecting CAI Content Credentials versions [email protected], c2pa-v0.80.1, and earlier. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. This issue does not require user interaction to be exploited. The vulnerability has a CVSS score of 6.2 and a severity rat [truncated]
CVE-2026-47904 is a MEDIUM severity vulnerability in CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier. This Uncontrolled Resource Consumption vulnerability allows an attacker to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction. The vulnerability has a CVSS score of 6.2 and was published [truncated]
CVE-2026-47903 is an Improper Input Validation vulnerability in CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier. This vulnerability allows an attacker to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 6.2, with a severity r [truncated]
CVE-2026-47902 is a MEDIUM severity vulnerability in CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction. The vulnerability was published on [cvePublishedAt] and last modified on [cveModifiedAt].
CVE-2026-34712 is an Improper Input Validation vulnerability in CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier. This vulnerability allows an attacker to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-34711 is an Integer Overflow or Wraparound vulnerability in CAI Content Credentials versions [email protected], c2pa-v0.80.1, and earlier. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-34657 is a Path Traversal vulnerability affecting CAI Content Credentials versions [email protected], c2pa-v0.80.1, and earlier. This vulnerability could result in an arbitrary file system write, allowing an attacker to write to unauthorized files or directories outside of intended restrictions. Exploitation of this issue requires user interaction, as a victim must extract a maliciously crafted file.
CVE-2026-48303 is a critical vulnerability in Adobe Campaign Classic (ACC). Versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization issue, which could result in arbitrary code execution in the context of the current user. This vulnerability has a CVSS score of 10 and a severity rating of CRITICAL. Exploitation does not require user interaction, and the scope has been changed.
CVE-2026-48292 is a Heap-based Buffer Overflow vulnerability affecting Adobe Format Plugins versions 1.1.2 and earlier. This vulnerability could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, as a victim must open a malicious file. The CVSS score for this vulnerability is 7.8, with a severity rating of HIGH.
CVE-2026-48291 is a Heap-based Buffer Overflow vulnerability affecting Adobe Format Plugins versions 1.1.2 and earlier. This vulnerability could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, as a victim must open a malicious file. The CVSS score for this vulnerability is 7.8, with a severity rating of HIGH.
CVE-2026-47961 is an out-of-bounds read vulnerability in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651, and earlier. This vulnerability could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-47960 is a HIGH severity vulnerability in ColdFusion versions 2023.19, 2025.8 and earlier. This Improper Restriction of XML External Entity Reference ('XXE') vulnerability could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a [truncated]
CVE-2026-47959 is a Stack-based Buffer Overflow vulnerability affecting Adobe Acrobat Reader versions 24.001.30365, 26.001.21651, and earlier. The vulnerability could result in arbitrary code execution in the context of the current user, requiring user interaction to open a malicious file. The CVSS score for this vulnerability is 7.8, with a severity rating of HIGH.
CVE-2026-47955 is a Use After Free vulnerability affecting Adobe Acrobat Reader versions 24.001.30365, 26.001.21651, and earlier. This vulnerability could result in arbitrary code execution in the context of the current user, requiring user interaction to open a malicious file.
CVE-2026-47952 is a Heap-based Buffer Overflow vulnerability affecting Adobe Acrobat Reader versions 24.001.30365, 26.001.21651, and earlier. The vulnerability could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, as a victim must open a malicious file.
A critical vulnerability was discovered in Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier. This Server-Side Request Forgery (SSRF) vulnerability, tracked as CVE-2026-47938, could result in privilege escalation. The vulnerability has a CVSS score of 10 and a severity rating of CRITICAL. Exploitation of this issue does not require user interaction.
CVE-2026-47937 is a HIGH-severity vulnerability in Adobe Acrobat Reader. Versions 24.001.30365, 26.001.21651, and earlier are affected by an Uncontrolled Search Path Element issue, which could allow for arbitrary code execution in the context of the current user. This requires user interaction, as a victim must open a malicious file.
CVE-2026-47932 is a Path Traversal vulnerability affecting Adobe ColdFusion versions 2023.19, 2025.8, and earlier. This vulnerability could result in a Security feature bypass, allowing an attacker to access unauthorized files or directories outside the intended restrictions. Exploitation of this issue requires user interaction, as a victim must open a malicious file.
CVE-2026-47931 is a HIGH-severity vulnerability (CVSS Score: 8.4) affecting ColdFusion versions 2023.19, 2025.8, and earlier. This Improper Input Validation vulnerability could result in arbitrary code execution in the context of the current user, with exploitation not requiring user interaction. The scope of this vulnerability has been changed. For more information, refer to [cve-org] and [nvd].
CVE-2026-47929 is a HIGH-severity vulnerability in ColdFusion, a product of Adobe. The vulnerability, which has a CVSS score of 8.4, is caused by an Incorrect Authorization issue. This could allow a high-privileged attacker to execute arbitrary code in the context of the current user, potentially gaining elevated access or control over the victim's account or session. The exploitation of this issue does n [truncated]
CVE-2026-47928 is a CRITICAL vulnerability with a CVSS score of 9.6. Affected ColdFusion versions include 2023.19, 2025.8, and earlier. The vulnerability is caused by Improper Input Validation, which could result in arbitrary code execution in the context of the current user. Exploitation does not require user interaction.
CVE-2026-47926 is a MEDIUM severity vulnerability in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651, and earlier. The vulnerability is an out-of-bounds read issue that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information by tricking a victim into opening a malicious file. This vulnerability requires user interaction.
CVE-2026-47925 is an Integer Overflow or Wraparound vulnerability affecting Adobe Acrobat Reader versions 24.001.30365, 26.001.21651, and earlier. This vulnerability could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open [truncated]
CVE-2026-47923 is an out-of-bounds read vulnerability in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651, and earlier. This vulnerability could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-47921 is a HIGH severity Use After Free vulnerability in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier. This vulnerability could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-47919 is a Use After Free vulnerability affecting Adobe Acrobat Reader versions 24.001.30365, 26.001.21651, and earlier. This vulnerability could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, as a victim must open a malicious file.
CVE-2026-47918 is a HIGH severity Use After Free vulnerability affecting Adobe Acrobat Reader versions 24.001.30365, 26.001.21651, and earlier. The vulnerability could result in arbitrary code execution in the context of the current user, requiring user interaction to open a malicious file. The CVSS score for this vulnerability is 7.8.
CVE-2026-47917 is a HIGH severity Use After Free vulnerability affecting Adobe Acrobat Reader versions 24.001.30365, 26.001.21651, and earlier. The vulnerability could result in arbitrary code execution in the context of the current user, requiring user interaction to open a malicious file. The CVSS score for this vulnerability is 7.8.
CVE-2026-47916 is a Use After Free vulnerability affecting Adobe Acrobat Reader versions 24.001.30365, 26.001.21651, and earlier. This vulnerability could result in arbitrary code execution in the context of the current user, requiring user interaction to open a malicious file.
CVE-2026-47915 is a HIGH severity Use After Free vulnerability affecting Adobe Acrobat Reader versions 24.001.30365, 26.001.21651, and earlier. The vulnerability could result in arbitrary code execution in the context of the current user, requiring user interaction to open a malicious file. The CVSS score for this vulnerability is 7.8.
CVE-2026-47914 is a HIGH severity Use After Free vulnerability in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier. Exploitation could lead to arbitrary code execution in the context of the current user, requiring user interaction to open a malicious file.
CVE-2026-47913 is a Use After Free vulnerability affecting Adobe Acrobat Reader versions 24.001.30365, 26.001.21651, and earlier. This vulnerability could result in arbitrary code execution in the context of the current user, requiring user interaction to open a malicious file. The CVSS score for this vulnerability is 7.8, classified as HIGH severity.
CVE-2026-47912 is a HIGH severity vulnerability in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier. This Use After Free vulnerability could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-47911 is an out-of-bounds write vulnerability in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651, and earlier. This vulnerability could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. The CVSS score for this vulnerability is 7.8, with a severity rating of HIGH.
CVE-2026-48306 is a HIGH-severity vulnerability in Adobe Substance 3D Sampler. Versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability, which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, as a victim must open a malicious file. The CVSS score for this vulnerability is 7.8.
CVE-2026-48305 is an out-of-bounds write vulnerability in Adobe Substance 3D Sampler versions 6.0.0 and earlier. This CVE has a CVSS score of 7.8 and can result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-47910 is a MEDIUM-severity vulnerability in Adobe Dreamweaver Desktop versions 21.7 and earlier. The vulnerability is caused by an Incorrect Authorization issue, which could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction, as a victim m [truncated]
CVE-2026-47909 is an Improper Input Validation vulnerability in Adobe Dreamweaver Desktop versions 21.7 and earlier. This vulnerability could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
CVE-2026-47908 is an Access of Uninitialized Pointer vulnerability in Adobe Dreamweaver Desktop versions 21.7 and earlier. This vulnerability could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. The CVSS score for this vulnerability is 7.8, with a severity rating of HIGH.
CVE-2026-47907 is a HIGH-severity vulnerability in Adobe Dreamweaver Desktop versions 21.7 and earlier. The vulnerability is caused by an Improper Access Control issue, which could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction, as a victim mus [truncated]
CVE-2026-47906 is a Dependency on Vulnerable Third-Party Component vulnerability affecting Adobe Dreamweaver Desktop versions 21.7 and earlier. This vulnerability could result in arbitrary code execution in the context of the current user, with a CVSS score of 8.6 and a HIGH severity rating. Exploitation requires user interaction, as a victim must open a malicious file.
CVE-2026-34710 is a high-severity vulnerability in Adobe Substance 3D Sampler, a 3D modeling and texturing software. The vulnerability, rated 7.8 CVSS score, is caused by an out-of-bounds write issue that could result in arbitrary code execution in the context of the current user. To exploit this vulnerability, a victim must open a malicious file, indicating that user interaction is required.