EUVD-2026-22706

InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user...

CVE-2026-34631

InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write (CWE-787) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. Affected product/version details are provided in bot...

EUVD-2026-22440

InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or disrupt its functionality. Exploitation of this issue requires...

EUVD-2026-22436

InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

EUVD-2026-22438

InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the curre...

CVE-2026-34627

InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-27283

InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-34628 InDesign Desktop | Heap-based Buffer Overflow (CWE-122)

InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-27284

CVE-2026-27284 affects InDesign Desktop versions 20.5.2, 21.2 and earlier. It is an out-of-bounds read vulnerability (CWE-125) that occurs when parsing a crafted file, potentially causing code execution in the context of the current user. Exploitation requires user interaction (the victim must op...

CVE-2026-27286

CVE-2026-27286 affects Adobe InDesign Desktop versions 20.5.2, 21.2 and earlier. The issue is a heap-based buffer overflow that could lead to memory exposure. Exploitation requires that a user opens a malicious file, indicating a user interaction prerequisite. Affected component is the InDesign D...

CVE-2026-27283 InDesign Desktop | Use After Free (CWE-416)

InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-27238 InDesign Desktop | Heap-based Buffer Overflow (CWE-122)

InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-27291 InDesign Desktop | Out-of-bounds Write (CWE-787)

InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

PT-2026-32701

Name of the Vulnerable Software and Affected Versions Adobe InDesign versions prior to 20.5.3 Adobe InDesign versions prior to 21.3 Description A heap-based buffer overflow occurs in the dynamic memory of the application. This issue can be triggered when a user opens a malicious file, potentially...

PT-2026-32702

Name of the Vulnerable Software and Affected Versions InDesign Desktop versions prior to 20.5.3 and 21.3 Description A heap-based buffer overflow occurs when a program writes more data to a heap-allocated memory block than it can hold. This issue allows an attacker to disclose sensitive informati...

CVE-2023-4552

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server - including access to its local file system. This...

CVE-2023-4551

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating...

OpenText AppBuilder Security Vulnerability

OpenText AppBuilder is an application from OpenText Canada. A security vulnerability exists in OpenText AppBuilder versions 21.2 through 23.2 that stems from improper input validation and allows operating system command injection...

OpenText AppBuilder Security Vulnerability

OpenText AppBuilder is an application from OpenText Canada. A security vulnerability exists in OpenText AppBuilder versions 21.2 through 23.2 that originates from incorrect input validation and allows probing of system files...

OpenText AppBuilder Code Issue Vulnerability

OpenText AppBuilder is an application from OpenText Canada. A security vulnerability exists in OpenText AppBuilder versions 21.2 through 23.2, which originates from XML External Entity Injection and allows server-side requests to forge, probe system files...