Filtered by vendor Trendmicro
Subscribe
Total
575 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-49212 | 2 Microsoft, Trendmicro | 2 Windows, Trend Micro Endpoint Encryption | 2026-06-17 | N/A | 9.8 CRITICAL |
| An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method. | |||||
| CVE-2025-49211 | 2 Microsoft, Trendmicro | 2 Windows, Trend Micro Endpoint Encryption | 2026-06-17 | N/A | 7.7 HIGH |
| A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | |||||
| CVE-2025-49158 | 1 Trendmicro | 1 Apex One | 2026-06-17 | N/A | 6.7 MEDIUM |
| An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2025-49157 | 1 Trendmicro | 1 Apex One | 2026-06-17 | N/A | 7.8 HIGH |
| A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2025-49156 | 1 Trendmicro | 1 Apex One | 2026-06-17 | N/A | 7.0 HIGH |
| A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2025-49155 | 1 Trendmicro | 1 Apex One | 2026-06-17 | N/A | 8.8 HIGH |
| An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations. | |||||
| CVE-2025-49154 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2026-06-17 | N/A | 8.7 HIGH |
| An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2025-48443 | 1 Trendmicro | 1 Password Manager | 2026-06-17 | N/A | 6.7 MEDIUM |
| Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administrator when the administrator installs Trend Micro Password Manager. | |||||
| CVE-2025-47867 | 2 Microsoft, Trendmicro | 2 Windows, Apex Central | 2026-06-17 | N/A | 7.5 HIGH |
| A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations. | |||||
| CVE-2025-47866 | 2 Microsoft, Trendmicro | 2 Windows, Apex Central | 2026-06-17 | N/A | 4.3 MEDIUM |
| An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations. | |||||
| CVE-2025-47865 | 2 Microsoft, Trendmicro | 2 Windows, Apex Central | 2026-06-17 | N/A | 7.5 HIGH |
| A Local File Inclusion vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to gain remote code execution on affected installations. | |||||
| CVE-2025-31286 | 1 Trendmicro | 1 Trend Vision One | 2026-06-17 | N/A | 4.6 MEDIUM |
| An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability. | |||||
| CVE-2025-31285 | 1 Trendmicro | 1 Trend Vision One | 2026-06-17 | N/A | 4.6 MEDIUM |
| A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | |||||
| CVE-2025-31284 | 1 Trendmicro | 1 Trend Vision One | 2026-06-17 | N/A | 4.6 MEDIUM |
| A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | |||||
| CVE-2025-31283 | 1 Trendmicro | 1 Trend Vision One | 2026-06-17 | N/A | 4.6 MEDIUM |
| A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | |||||
| CVE-2025-31282 | 1 Trendmicro | 1 Trend Vision One | 2026-06-17 | N/A | 4.6 MEDIUM |
| A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | |||||
| CVE-2025-30680 | 2 Microsoft, Trendmicro | 2 Windows, Apex Central | 2026-06-17 | N/A | 7.1 HIGH |
| A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. Please note: this vulnerability only affects the SaaS instance of Apex Central - customers that automatically apply Trend Micro's monthly maintenance releases to the SaaS instance do not have to take any further action. | |||||
| CVE-2025-30679 | 2 Microsoft, Trendmicro | 2 Windows, Apex Central | 2026-06-17 | N/A | 6.5 MEDIUM |
| A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. | |||||
| CVE-2025-30678 | 2 Microsoft, Trendmicro | 2 Windows, Apex Central | 2026-06-17 | N/A | 6.5 MEDIUM |
| A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. | |||||
| CVE-2025-30642 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security Agent | 2026-06-17 | N/A | 5.5 MEDIUM |
| A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||