Filtered by vendor Trendmicro
Subscribe
Total
543 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47865 | 2 Microsoft, Trendmicro | 2 Windows, Apex Central | 2025-09-08 | N/A | 7.5 HIGH |
| A Local File Inclusion vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to gain remote code execution on affected installations. | |||||
| CVE-2025-30678 | 2 Microsoft, Trendmicro | 2 Windows, Apex Central | 2025-09-08 | N/A | 6.5 MEDIUM |
| A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. | |||||
| CVE-2025-30679 | 2 Microsoft, Trendmicro | 2 Windows, Apex Central | 2025-09-08 | N/A | 6.5 MEDIUM |
| A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. | |||||
| CVE-2025-30680 | 2 Microsoft, Trendmicro | 2 Windows, Apex Central | 2025-09-08 | N/A | 7.1 HIGH |
| A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. Please note: this vulnerability only affects the SaaS instance of Apex Central - customers that automatically apply Trend Micro's monthly maintenance releases to the SaaS instance do not have to take any further action. | |||||
| CVE-2024-51503 | 1 Trendmicro | 1 Deep Security Agent | 2025-09-04 | N/A | 8.0 HIGH |
| A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines. | |||||
| CVE-2025-31282 | 1 Trendmicro | 1 Trend Vision One | 2025-09-02 | N/A | 4.6 MEDIUM |
| A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | |||||
| CVE-2025-31283 | 1 Trendmicro | 1 Trend Vision One | 2025-09-02 | N/A | 4.6 MEDIUM |
| A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | |||||
| CVE-2025-31284 | 1 Trendmicro | 1 Trend Vision One | 2025-09-02 | N/A | 4.6 MEDIUM |
| A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | |||||
| CVE-2025-31285 | 1 Trendmicro | 1 Trend Vision One | 2025-09-02 | N/A | 4.6 MEDIUM |
| A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | |||||
| CVE-2025-31286 | 1 Trendmicro | 1 Trend Vision One | 2025-09-02 | N/A | 4.6 MEDIUM |
| An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability. | |||||
| CVE-2025-48443 | 1 Trendmicro | 1 Password Manager | 2025-08-27 | N/A | 6.7 MEDIUM |
| Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administrator when the administrator installs Trend Micro Password Manager. | |||||
| CVE-2025-49385 | 2 Microsoft, Trendmicro | 2 Windows, Maximum Security 2022 | 2025-08-26 | N/A | 7.8 HIGH |
| Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | |||||
| CVE-2025-49384 | 2 Microsoft, Trendmicro | 2 Windows, Maximum Security 2022 | 2025-08-26 | N/A | 7.8 HIGH |
| Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | |||||
| CVE-2025-52521 | 2 Microsoft, Trendmicro | 2 Windows, Maximum Security 2022 | 2025-08-26 | N/A | 7.8 HIGH |
| Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | |||||
| CVE-2025-54948 | 1 Trendmicro | 1 Apex One | 2025-08-19 | N/A | 9.4 CRITICAL |
| A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. | |||||
| CVE-2025-54987 | 1 Trendmicro | 1 Apex One | 2025-08-12 | N/A | 9.4 CRITICAL |
| A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture. | |||||
| CVE-2024-58104 | 1 Trendmicro | 1 Apex One | 2025-08-01 | N/A | 7.3 HIGH |
| A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2024-58105 | 1 Trendmicro | 1 Apex One | 2025-08-01 | N/A | 7.3 HIGH |
| A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE address an addtional bypass not covered in CVE-2024-58104. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2024-39753 | 1 Trendmicro | 1 Apex One | 2025-07-31 | N/A | 7.5 HIGH |
| An modOSCE SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2024-48904 | 1 Trendmicro | 1 Cloud Edge | 2025-07-31 | N/A | 9.8 CRITICAL |
| An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances. Please note: authentication is not required in order to exploit this vulnerability. | |||||