VYPR

Vendor CVEs

Trend Micro

All CVEs

696 total · sorted by risk
  • CVE-2025-69259Jan 8, 2026
    risk 0.00cvss epss 0.01

    A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability..

  • CVE-2025-69258Jan 8, 2026
    risk 0.00cvss epss 0.03

    A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.

  • CVE-2025-54987Aug 5, 2025
    risk 0.00cvss epss 0.17

    A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different…

  • CVE-2025-53503Jul 10, 2025
    risk 0.00cvss epss 0.00

    Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.

  • CVE-2025-53378Jul 10, 2025
    risk 0.00cvss epss 0.01

    A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Also note: this vulnerability only affected the SaaS…

  • CVE-2025-52837Jul 10, 2025
    risk 0.00cvss epss 0.00

    Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic links and other methods to delete any file/folder and achieve privilege…

  • CVE-2025-52521Jul 10, 2025
    risk 0.00cvss epss 0.00

    Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.

  • CVE-2025-49385Jun 17, 2025
    risk 0.00cvss epss 0.00

    Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.

  • CVE-2025-49384Jun 17, 2025
    risk 0.00cvss epss 0.00

    Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.

  • CVE-2025-48443Jun 17, 2025
    risk 0.00cvss epss 0.00

    Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administrator when the…

  • CVE-2025-49218Jun 17, 2025
    risk 0.00cvss epss 0.00

    A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. This is similar to, but not identical to CVE-2025-49215. Please note: an attacker must first obtain the…

  • CVE-2025-49217Jun 17, 2025
    risk 0.00cvss epss 0.01

    An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different method.

  • CVE-2025-49216Jun 17, 2025
    risk 0.00cvss epss 0.00

    An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations.

  • CVE-2025-49215Jun 17, 2025
    risk 0.00cvss epss 0.00

    A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to…

  • CVE-2025-49214Jun 17, 2025
    risk 0.00cvss epss 0.01

    An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target…

  • CVE-2025-49213Jun 17, 2025
    risk 0.00cvss epss 0.08

    An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method.

  • CVE-2025-49212Jun 17, 2025
    risk 0.00cvss epss 0.08

    An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.

  • CVE-2025-49211Jun 17, 2025
    risk 0.00cvss epss 0.00

    A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit…

  • CVE-2025-30642Jun 17, 2025
    risk 0.00cvss epss 0.00

    A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target…

  • CVE-2025-30641Jun 17, 2025
    risk 0.00cvss epss 0.00

    A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on…

  • CVE-2025-30640Jun 17, 2025
    risk 0.00cvss epss 0.00

    A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to…

  • CVE-2025-30680Jun 17, 2025
    risk 0.00cvss epss 0.00

    A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. Please note: this vulnerability only affects the SaaS instance of Apex…

  • CVE-2025-30679Jun 17, 2025
    risk 0.00cvss epss 0.00

    A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.

  • CVE-2025-30678Jun 17, 2025
    risk 0.00cvss epss 0.00

    A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.

  • CVE-2025-49487Jun 17, 2025
    risk 0.00cvss epss 0.00

    An uncontrolled search path vulnerability in the Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an attacker with physical access to a machine to execute arbitrary code on affected installations. An attacker must have had physical access to…

  • CVE-2025-49158Jun 17, 2025
    risk 0.00cvss epss 0.00

    An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in…

  • CVE-2025-49157Jun 17, 2025
    risk 0.00cvss epss 0.00

    A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in…

  • CVE-2025-49156Jun 17, 2025
    risk 0.00cvss epss 0.00

    A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to…

  • CVE-2025-49155Jun 17, 2025
    risk 0.00cvss epss 0.01

    An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations.

  • CVE-2025-49154Jun 17, 2025
    risk 0.00cvss epss 0.00

    An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. …

  • CVE-2025-47867Jun 17, 2025
    risk 0.00cvss epss 0.02

    A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations.

  • CVE-2025-47866Jun 17, 2025
    risk 0.00cvss epss 0.00

    An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations.

  • CVE-2025-47865Jun 17, 2025
    risk 0.00cvss epss 0.02

    A Local File Inclusion vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to gain remote code execution on affected installations.

  • CVE-2025-31286Apr 2, 2025
    risk 0.00cvss epss 0.00

    An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability.

  • CVE-2025-31285Apr 2, 2025
    risk 0.00cvss epss 0.00

    A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already…

  • CVE-2025-31282Apr 2, 2025
    risk 0.00cvss epss 0.00

    A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already…

  • CVE-2024-58105Mar 25, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE address an addtional bypass not covered in CVE-2024-58104. …

  • CVE-2024-58104Mar 25, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute…

  • CVE-2022-28339Feb 22, 2025
    risk 0.00cvss epss 0.00

    Trend Micro HouseCall for Home Networks version 5.3.1302 and below contains an uncontrolled search patch element vulnerability that could allow an attacker with low user privileges to create a malicious DLL that could lead to escalated privileges.

  • CVE-2024-55955Dec 31, 2024
    risk 0.00cvss epss 0.00

    An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to…

  • CVE-2024-55917Dec 31, 2024
    risk 0.00cvss epss 0.00

    An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this…

  • CVE-2024-55632Dec 31, 2024
    risk 0.00cvss epss 0.00

    A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit…

  • CVE-2024-55631Dec 31, 2024
    risk 0.00cvss epss 0.00

    An engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this…

  • CVE-2024-52050Dec 31, 2024
    risk 0.00cvss epss 0.00

    A LogServer arbitrary file creation vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to…

  • CVE-2024-52049Dec 31, 2024
    risk 0.00cvss epss 0.00

    A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. This vulnerability is similar to, but not identical to CVE-2024-52048. Please note: an attacker must first obtain the ability to…

  • CVE-2024-52048Dec 31, 2024
    risk 0.00cvss epss 0.00

    A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. This vulnerability is similar to, but not identical to CVE-2024-52049. Please note: an attacker must first obtain the ability to…

  • CVE-2024-52047Dec 31, 2024
    risk 0.00cvss epss 0.01

    A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to…

  • CVE-2024-51503Nov 19, 2024
    risk 0.00cvss epss 0.04

    A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain…

  • CVE-2024-48903Oct 22, 2024
    risk 0.00cvss epss 0.01

    An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to…

  • CVE-2024-46903Oct 22, 2024
    risk 0.00cvss epss 0.01

    A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in…

Page 6 of 14