Adobe Adobe Experience Manager
961 CVEs affecting Adobe Adobe Experience Manager. Latest disclosed: 2026-04-14. Critical: 4, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-54253 | Critical | 10.0 | 2025-08-05 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacke… |
CVE-2025-64537 | Critical | 9.3 | 2025-12-10 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code exe… |
CVE-2025-64539 | Critical | 9.3 | 2025-12-10 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code exe… |
CVE-2025-64538 | Critical | 9.3 | 2025-12-10 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code exe… |
CVE-2025-46840 | High | 8.7 | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low p… |
CVE-2025-46837 | High | 8.7 | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by a low privile… |
CVE-2025-54254 | High | 8.6 | 2025-08-05 | Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could… |
CVE-2025-54248 | High | 7.7 | 2025-09-09 | Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypas… |
CVE-2024-26029 | High | 7.5 | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A… |
CVE-2025-54247 | Medium | 6.5 | 2025-09-09 | Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypas… |
CVE-2025-54246 | Medium | 6.5 | 2025-09-09 | Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass… |
CVE-2025-54249 | Medium | 6.5 | 2025-09-09 | Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security featu… |
CVE-2024-43729 | Medium | 6.5 | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A… |
CVE-2025-47094 | Medium | 6.1 | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a… |
CVE-2025-47049 | Medium | 6.1 | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue… |
CVE-2026-34625 | Medium | 5.4 | 2026-04-14 | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit th… |
CVE-2026-34623 | Medium | 5.4 | 2026-04-14 | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit th… |
CVE-2026-34624 | Medium | 5.4 | 2026-04-14 | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit th… |
CVE-2026-27288 | Medium | 5.4 | 2026-04-14 | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit th… |
CVE-2026-27241 | Medium | 5.4 | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged… |