Filtered by vendor Trendmicro
Subscriptions
Total
556 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-52837 | 1 Trendmicro | 1 Password Manager | 2025-10-03 | 7.8 High |
| Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic links and other methods to delete any file/folder and achieve privilege escalation. | ||||
| CVE-2025-53378 | 2 Microsoft, Trendmicro | 3 Windows, Wfbs Saas, Worry-free Business Security Services | 2025-10-03 | 7.6 High |
| A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Also note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise version of Worry-Free Business Security was not affected, and this issue was addressed in a WFBSS monthly maintenance update. Therefore no other customer action is required to mitigate if the WFBSS agents are on the regular SaaS maintenance deployment schedule and this disclosure is for informational purposes only. | ||||
| CVE-2025-53503 | 1 Trendmicro | 2 Cleaner One, Cleaner Pro One | 2025-10-03 | 7.8 High |
| Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | ||||
| CVE-2024-53647 | 3 Apple, Google, Trendmicro | 4 Iphone Os, Android, Id Security and 1 more | 2025-09-29 | 6.5 Medium |
| Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker to send an unlimited number of email verification requests without any restriction, potentially leading to abuse or denial of service. | ||||
| CVE-2025-49155 | 1 Trendmicro | 3 Apex One, Apexone Op, Apexone Saas | 2025-09-09 | 8.8 High |
| An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations. | ||||
| CVE-2025-49156 | 1 Trendmicro | 3 Apex One, Apexone Op, Apexone Saas | 2025-09-09 | 7 High |
| A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2025-49157 | 1 Trendmicro | 3 Apex One, Apexone Op, Apexone Saas | 2025-09-09 | 7.8 High |
| A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2025-49158 | 1 Trendmicro | 3 Apex One, Apexone Op, Apexone Saas | 2025-09-09 | 6.7 Medium |
| An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2025-30642 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security Agent | 2025-09-09 | 5.5 Medium |
| A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2025-30641 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security Agent | 2025-09-09 | 7.8 High |
| A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2025-30640 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security Agent | 2025-09-09 | 7.8 High |
| A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2024-55955 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security Agent | 2025-09-09 | 6.7 Medium |
| An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2025-49218 | 2 Microsoft, Trendmicro | 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption | 2025-09-08 | 7.7 High |
| A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. This is similar to, but not identical to CVE-2025-49215. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | ||||
| CVE-2025-49217 | 2 Microsoft, Trendmicro | 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption | 2025-09-08 | 9.8 Critical |
| An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different method. | ||||
| CVE-2025-49216 | 2 Microsoft, Trendmicro | 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption | 2025-09-08 | 9.8 Critical |
| An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations. | ||||
| CVE-2025-49215 | 2 Microsoft, Trendmicro | 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption | 2025-09-08 | 8.8 High |
| A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | ||||
| CVE-2025-49214 | 2 Microsoft, Trendmicro | 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption | 2025-09-08 | 8.8 High |
| An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | ||||
| CVE-2025-49213 | 2 Microsoft, Trendmicro | 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption | 2025-09-08 | 9.8 Critical |
| An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method. | ||||
| CVE-2025-49212 | 2 Microsoft, Trendmicro | 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption | 2025-09-08 | 9.8 Critical |
| An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method. | ||||
| CVE-2025-49211 | 2 Microsoft, Trendmicro | 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption | 2025-09-08 | 7.7 High |
| A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | ||||