Filtered by vendor Trendmicro
Subscribe
Total
575 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-69260 | 2 Microsoft, Trendmicro | 2 Windows, Apex Central | 2026-06-17 | N/A | 7.5 HIGH |
| A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability. | |||||
| CVE-2025-69259 | 2 Microsoft, Trendmicro | 2 Windows, Apex Central | 2026-06-17 | N/A | 7.5 HIGH |
| A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability.. | |||||
| CVE-2025-69258 | 2 Microsoft, Trendmicro | 2 Windows, Apex Central | 2026-06-17 | N/A | 9.8 CRITICAL |
| A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations. | |||||
| CVE-2025-54987 | 1 Trendmicro | 1 Apex One | 2026-06-17 | N/A | 9.4 CRITICAL |
| A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture. | |||||
| CVE-2025-54948 | 1 Trendmicro | 1 Apex One | 2026-06-17 | N/A | 9.4 CRITICAL |
| A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. | |||||
| CVE-2025-53503 | 1 Trendmicro | 1 Cleaner One | 2026-06-17 | N/A | 7.8 HIGH |
| Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | |||||
| CVE-2025-53378 | 2 Microsoft, Trendmicro | 2 Windows, Worry-free Business Security Services | 2026-06-17 | N/A | 7.6 HIGH |
| A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Also note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise version of Worry-Free Business Security was not affected, and this issue was addressed in a WFBSS monthly maintenance update. Therefore no other customer action is required to mitigate if the WFBSS agents are on the regular SaaS maintenance deployment schedule and this disclosure is for informational purposes only. | |||||
| CVE-2025-52837 | 1 Trendmicro | 1 Password Manager | 2026-06-17 | N/A | 7.8 HIGH |
| Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic links and other methods to delete any file/folder and achieve privilege escalation. | |||||
| CVE-2025-52521 | 2 Microsoft, Trendmicro | 2 Windows, Maximum Security 2022 | 2026-06-17 | N/A | 7.8 HIGH |
| Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | |||||
| CVE-2025-49487 | 2 Microsoft, Trendmicro | 2 Windows, Worry-free Business Security Services | 2026-06-17 | N/A | 6.8 MEDIUM |
| An uncontrolled search path vulnerability in the Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an attacker with physical access to a machine to execute arbitrary code on affected installations. An attacker must have had physical access to the target system in order to exploit this vulnerability due to need to access a certain hardware component. Also note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise version of Worry-Free Business Security was not affected, and this issue was addressed in a previous WFBSS monthly maintenance update. Therefore no other customer action is required to mitigate if the WFBSS agents are on the regular SaaS maintenance deployment schedule and this disclosure is for informational purposes only. | |||||
| CVE-2025-49385 | 2 Microsoft, Trendmicro | 2 Windows, Maximum Security 2022 | 2026-06-17 | N/A | 7.8 HIGH |
| Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | |||||
| CVE-2025-49384 | 2 Microsoft, Trendmicro | 2 Windows, Maximum Security 2022 | 2026-06-17 | N/A | 7.8 HIGH |
| Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | |||||
| CVE-2025-49220 | 2 Microsoft, Trendmicro | 2 Windows, Apex Central | 2026-06-17 | N/A | 9.8 CRITICAL |
| An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method. | |||||
| CVE-2025-49219 | 2 Microsoft, Trendmicro | 2 Windows, Apex Central | 2026-06-17 | N/A | 9.8 CRITICAL |
| An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method. | |||||
| CVE-2025-49218 | 2 Microsoft, Trendmicro | 2 Windows, Trend Micro Endpoint Encryption | 2026-06-17 | N/A | 7.7 HIGH |
| A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. This is similar to, but not identical to CVE-2025-49215. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | |||||
| CVE-2025-49217 | 2 Microsoft, Trendmicro | 2 Windows, Trend Micro Endpoint Encryption | 2026-06-17 | N/A | 9.8 CRITICAL |
| An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different method. | |||||
| CVE-2025-49216 | 2 Microsoft, Trendmicro | 2 Windows, Trend Micro Endpoint Encryption | 2026-06-17 | N/A | 9.8 CRITICAL |
| An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations. | |||||
| CVE-2025-49215 | 2 Microsoft, Trendmicro | 2 Windows, Trend Micro Endpoint Encryption | 2026-06-17 | N/A | 8.8 HIGH |
| A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | |||||
| CVE-2025-49214 | 2 Microsoft, Trendmicro | 2 Windows, Trend Micro Endpoint Encryption | 2026-06-17 | N/A | 8.8 HIGH |
| An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | |||||
| CVE-2025-49213 | 2 Microsoft, Trendmicro | 2 Windows, Trend Micro Endpoint Encryption | 2026-06-17 | N/A | 9.8 CRITICAL |
| An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method. | |||||