threat
engine
.sh
Back
·
··:··
Home
/
Product
/
adobe connect
Product
adobe connect
97 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-34617
< 12.11
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in p
8.7
HIGH
CVE-2026-34615
< 12.11
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could resu
9.3
CRITICAL
CVE-2026-34614
< 12.11
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attac
6.1
MEDIUM
CVE-2026-27303
< 12.11
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could resu
9.6
CRITICAL
CVE-2026-27246
< 12.11
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker
9.3
CRITICAL
CVE-2026-27245
< 12.11
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker
9.3
CRITICAL
CVE-2026-27243
< 12.11
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker
9.3
CRITICAL
CVE-2026-21331
< 12.11
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attac
6.1
MEDIUM
CVE-2025-54196
< 12.10
Adobe Connect versions 12.9 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An at
4.3
MEDIUM
CVE-2025-49553
< 12.10
Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploit
9.3
CRITICAL
CVE-2025-49552
< 12.10
Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploit
8.1
HIGH
CVE-2025-43567
< 12.9
Adobe Connect versions 12.8 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused
9.3
CRITICAL
CVE-2025-30316
< 12.9
Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by
5.4
MEDIUM
CVE-2025-30315
< 12.9
Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by
6.1
MEDIUM
CVE-2025-30314
< 12.9
Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by
6.1
MEDIUM
CVE-2024-8474
< 3.5.0
OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the applica
7.5
HIGH
CVE-2024-54051
< 11.4.9
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerabilit
6.1
MEDIUM
CVE-2024-54050
< 11.4.9
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerabilit
6.1
MEDIUM
CVE-2024-54049
< 11.4.9
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attack
6.1
MEDIUM
CVE-2024-54048
< 11.4.9
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauth
6.1
MEDIUM
CVE-2024-54047
< 11.4.9
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauth
6.1
MEDIUM
CVE-2024-54046
< 11.4.9
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauth
6.1
MEDIUM
CVE-2024-54045
< 11.4.9
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauth
6.1
MEDIUM
CVE-2024-54044
< 11.4.9
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauth
6.1
MEDIUM
CVE-2024-54043
< 11.4.9
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauth
6.1
MEDIUM
CVE-2024-54042
< 11.4.9
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauth
6.1
MEDIUM
CVE-2024-54041
< 11.4.9
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be ab
5.4
MEDIUM
CVE-2024-54040
< 11.4.9
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be ab
5.4
MEDIUM
CVE-2024-54039
< 11.4.9
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be ab
5.4
MEDIUM
CVE-2024-54038
< 11.4.9
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by an Improper Access Control vulnerability that could result in a Se
4.3
MEDIUM
CVE-2024-54037
< 11.4.9
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be
8.1
HIGH
CVE-2024-54036
< 11.4.9
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be ab
9.3
CRITICAL
CVE-2024-54034
< 11.4.9
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attack
9.3
CRITICAL
CVE-2024-54032
< 11.4.9
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be ab
9.3
CRITICAL
CVE-2024-49550
< 11.4.9
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attack
6.1
MEDIUM
CVE-2023-7245
>= 3.2.0 and < 3.4.8
The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a loca
7.8
HIGH
CVE-2023-7224
>= 3.0.0 and <= 3.4.6
OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the
7.8
HIGH
CVE-2022-3761
< 3.4.0.4506
OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attack
5.9
MEDIUM
CVE-2023-4665
< 9.0
Incorrect Execution-Assigned Permissions vulnerability in Saphira Connect allows Privilege Escalation. This issue affects
8.8
HIGH
CVE-2023-4664
< 9.0
Incorrect Default Permissions vulnerability in Saphira Connect allows Privilege Escalation. This issue affects Saphira Co
8.8
HIGH
CVE-2023-4663
< 9.0
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Connect allows Refl
6.1
MEDIUM
CVE-2023-4662
< 9.0
Execution with Unnecessary Privileges vulnerability in Saphira Connect allows Remote Code Inclusion. This issue affects S
9.8
CRITICAL
CVE-2023-4661
< 9.0
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Connect allo
9.8
CRITICAL
CVE-2023-29306
<= 12.3
Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is ab
6.1
MEDIUM
CVE-2023-29305
<= 12.3
Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is ab
6.1
MEDIUM
CVE-2022-4901
< 2.2.90
Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via
3.3
LOW
CVE-2022-48310
< 2.2.90
An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Conne
5.5
MEDIUM
CVE-2022-48309
< 2.2.90
A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older th
4.3
MEDIUM
CVE-2023-22232
>= 11.0 and <= 11.4.5
Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that co
5.3
MEDIUM
CVE-2022-32550
< 1.5.3
An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connec
4.8
MEDIUM
CVE-2021-40719
<= 11.2.3
Adobe Connect version 11.2.3 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary m
9.8
CRITICAL
CVE-2021-40721
>= 11.0 and <= 11.2.3
Adobe Connect version 11.2.3 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is
6.1
MEDIUM
CVE-2021-36063
<= 11.2.2
Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by a
5.4
MEDIUM
CVE-2021-36062
<= 11.2.2
Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by a
5.4
MEDIUM
CVE-2021-36061
<= 11.2.2
Adobe Connect version 11.2.2 (and earlier) is affected by a secure design principles violation vulnerability via the 'pbMode' para
5.4
MEDIUM
CVE-2021-36758
< 1.2
1Password Connect server before 1.2 is missing validation checks, permitting users to create Secrets Automation access tokens that
5.4
MEDIUM
CVE-2021-3613
>= 3.2.0 and <= 3.3.0
OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration f
7.8
HIGH
CVE-2021-28579
< 11.2.2
Adobe Connect version 11.2.1 (and earlier) is affected by an Improper access control vulnerability that can lead to the elevation
4.3
MEDIUM
CVE-2020-15075
<= 3.2.6
OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlin
7.1
HIGH
CVE-2021-26715
<= 1.3.3
The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerabi
9.1
CRITICAL
CVE-2021-25265
< 2.1
A malicious website could execute code remotely in Sophos Connect Client before version 2.1.
8.8
HIGH
CVE-2021-21085
<= 11.0.7
Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker cou
7.8
HIGH
CVE-2021-21080
<= 11.0.7
Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could
6.1
MEDIUM
CVE-2021-21079
<= 11.0.7
Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could
6.1
MEDIUM
CVE-2021-27582
<= 1.3.3
org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.
9.1
CRITICAL
CVE-2020-4747
all versions
IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtain an authenticated CLI session
9.8
CRITICAL
CVE-2020-5674
all versions
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a
7.8
HIGH
CVE-2020-24443
<= 11.0
Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is ab
6.1
MEDIUM
CVE-2020-24442
<= 11.0
Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is ab
6.1
MEDIUM
CVE-2020-4587
all versions
IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by impr
7.8
HIGH
CVE-2020-9442
<= 3.1.0.361
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which all
7.8
HIGH
CVE-2020-5497
<= 1.3.3
The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the
6.1
MEDIUM
CVE-2013-4691
all versions
Sencha Labs Connect has XSS with connect.methodOverride()
6.1
MEDIUM
CVE-2013-7371
< 2.8.2
node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE
6.1
MEDIUM
CVE-2013-7370
< 2.8.1
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware
6.1
MEDIUM
CVE-2018-19718
<= 9.8.1
Adobe Connect versions 9.8.1 and earlier have a session token exposure vulnerability. Successful exploitation could lead to exposu
5.3
MEDIUM
CVE-2018-12805
<= 9.7.5
Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to pri
9.8
CRITICAL
CVE-2018-12804
<= 9.7.5
Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass vulnerability. Successful exploitation could lead to sessio
9.8
CRITICAL
CVE-2018-3717
< 2.14.0
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in d
5.4
MEDIUM
CVE-2018-4994
<= 9.7.5
Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability. Successful exploitation could le
7.5
HIGH
CVE-2018-4923
<= 9.7
Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection. Successful exploitation could lead to arbitrary f
9.1
CRITICAL
CVE-2018-4921
<= 9.7
Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Successful exploitation cou
6.1
MEDIUM
CVE-2017-11291
<= 9.6.2
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists tha
10.0
CRITICAL
CVE-2017-11290
<= 9.6.2
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjacking) vulnerability exists. This iss
6.1
MEDIUM
CVE-2017-11289
<= 9.6.2
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that ca
6.1
MEDIUM
CVE-2017-11288
<= 9.6.2
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that ca
6.1
MEDIUM
CVE-2017-11287
<= 9.6.2
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that ca
6.1
MEDIUM
CVE-2017-3103
<= 9.6.1
Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a
6.1
MEDIUM
CVE-2017-3102
<= 9.6.1
Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead t
6.1
MEDIUM
CVE-2017-3101
<= 9.6.1
Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerability. Successful exploitation could lead to a clickjacking a
7.5
HIGH
CVE-2016-7851
<= 9.5.6
Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability c
6.1
MEDIUM
CVE-2016-4118
<= 9.5.2
Untrusted search path vulnerability in the installer in Adobe Connect Add-In before 11.9.976.291 on Windows allows local users to
7.8
HIGH
CVE-2016-0950
<= 9.5.2
Adobe Connect before 9.5.2 allows remote attackers to spoof the user interface via unspecified vectors.
5.3
MEDIUM
CVE-2016-0949
<= 9.5.2
Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL.
9.8
CRITICAL
CVE-2016-0948
<= 9.5
Cross-site request forgery (CSRF) vulnerability in Adobe Connect before 9.5.2 allows remote attackers to hijack the authentication
8.8
HIGH
CVE-2015-0344
<= 9.3
Cross-site scripting (XSS) vulnerability in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary we
CVE-2015-0343
<= 9.3
Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote at
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin