Filtered by vendor Trendmicro
Subscriptions
Total
559 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30680 | 2 Microsoft, Trendmicro | 2 Windows, Apex Central | 2025-09-08 | 7.5 High |
| A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. Please note: this vulnerability only affects the SaaS instance of Apex Central - customers that automatically apply Trend Micro's monthly maintenance releases to the SaaS instance do not have to take any further action. | ||||
| CVE-2024-51503 | 1 Trendmicro | 1 Deep Security Agent | 2025-09-04 | 8 High |
| A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines. | ||||
| CVE-2025-31286 | 1 Trendmicro | 1 Trend Vision One | 2025-09-02 | 4.6 Medium |
| An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability. | ||||
| CVE-2025-48443 | 1 Trendmicro | 1 Password Manager | 2025-08-27 | 6.7 Medium |
| Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administrator when the administrator installs Trend Micro Password Manager. | ||||
| CVE-2025-49385 | 2 Microsoft, Trendmicro | 2 Windows, Maximum Security 2022 | 2025-08-26 | 7.8 High |
| Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | ||||
| CVE-2025-49384 | 2 Microsoft, Trendmicro | 2 Windows, Maximum Security 2022 | 2025-08-26 | 7.8 High |
| Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | ||||
| CVE-2024-39753 | 1 Trendmicro | 1 Apex One | 2025-07-31 | 7.5 High |
| An modOSCE SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2024-48904 | 1 Trendmicro | 1 Cloud Edge | 2025-07-31 | 9.8 Critical |
| An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances. Please note: authentication is not required in order to exploit this vulnerability. | ||||
| CVE-2024-41183 | 2 Trend Micro Inc, Trendmicro | 2 Vpn Consumer, Vpn | 2025-07-31 | 7.8 High |
| Trend Micro VPN, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite under specific conditions that can lead to elevation of privileges. | ||||
| CVE-2024-48903 | 3 Microsoft, Trend Micro Inc, Trendmicro | 3 Windows, Deep Security Agent, Deep Security Agent | 2025-07-31 | 7.8 High |
| An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2024-32849 | 2 Microsoft, Trendmicro | 4 Windows, Maximum Security, Maximum Security 2022 and 1 more | 2025-07-30 | 7.8 High |
| Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | ||||
| CVE-2024-36473 | 1 Trendmicro | 1 Vpn Proxy One | 2025-07-30 | 5.3 Medium |
| Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of privileges. | ||||
| CVE-2024-52047 | 1 Trendmicro | 1 Apex One | 2025-07-29 | 7.5 High |
| A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2022-28339 | 2 Microsoft, Trendmicro | 2 Windows, Housecall For Home Networks | 2025-07-29 | 7.3 High |
| Trend Micro HouseCall for Home Networks version 5.3.1302 and below contains an uncontrolled search patch element vulnerability that could allow an attacker with low user privileges to create a malicious DLL that could lead to escalated privileges. | ||||
| CVE-2024-36307 | 1 Trendmicro | 1 Apex One | 2025-06-27 | 4.7 Medium |
| A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2023-52337 | 1 Trendmicro | 2 Deep Security, Deep Security Agent | 2025-06-20 | 7.8 High |
| An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2023-52330 | 1 Trendmicro | 1 Apex One | 2025-06-20 | 6.1 Medium |
| A cross-site scripting vulnerability in Trend Micro Apex Central could allow a remote attacker to execute arbitrary code on affected installations of Trend Micro Apex Central. Please note: user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | ||||
| CVE-2023-52094 | 1 Trendmicro | 1 Apex One | 2025-06-20 | 7.8 High |
| An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading for a local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2023-52092 | 1 Trendmicro | 1 Apex One | 2025-06-20 | 7.8 High |
| A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2023-52091 | 1 Trendmicro | 1 Apex One | 2025-06-20 | 7.8 High |
| An anti-spyware engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||