CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2026-27245 — Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cro...

·Source: NIST NVD

Updated:

Executive Summary

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed.

Analysis

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed. CVSS Score: 9.3. Published: 2026-04-14T18:16:55.890.

Indicators of Compromise (1)

CVE (1)
CVE-2026-27245
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on Apr 14, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerability

The CISO Inbox Is Not a Sales Funnel

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/ian-thornton-trump-image_small-4-a-31891.jpg" align=right hspace=4><b>Inversion6 CISO Ian Thornton-Trump on What Cybersecurity Startups Get Wrong</b><br>CISOs are bombarded with more than 400 cold outreach attempts a month - ignoring nearly all of them. If vendors want to break through, they need to stop selling and start solving,

Bank Info Security
LOWVulnerability

Issue with AWS-LC: an open-source, general-purpose cryptographic library (CVE-2026-3336, CVE-2026-3337, CVE-2026-3338)

<p><b>Bulletin ID:</b> 2026-005-AWS<br> <b>Scope:</b> AWS<br> <b>Content Type:</b> Important (requires attention)<br> <b>Publication Date:</b> 2026/03/02 14:30 PM PST</p> <p><b>Description:</b></p> <p>AWS-LC is an open-source, general-purpose cryptographic library. We identified three distinct issues:</p> <p>- CVE-2026-3336: PKCS7_verify Certificate Chain Validation Bypass in AWS-LC<br> Improper c

CVE-2026-3336CVE-2026-3337
AWS Security Bulletins
LOWVulnerability

Issues with Amazon Athena ODBC Driver

<p><b>Bulletin ID:</b> 2026-013-AWS<br> <b>Scope:</b> AWS<br> <b>Content Type:</b> Important (requires attention)<br> <b>Publication Date:</b> 2026/04/03 13:00 PM PDT</p> <p><b>Description:</b></p> <p>The Amazon Athena ODBC driver implements standard ODBC application program interfaces (APIs). The ODBC driver provides access to Amazon Athena from any C/C++ application. The Amazon Athena ODBC drive

CVE-2026-5485CVE-2026-35558
AWS Security Bulletins