High
CVSS: 7.5
A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this…
High
CVSS: 7.5
A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to expl…
Critical
CVSS: 9.8
A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on…
Critical
CVSS: 9.4
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as C…
Critical
KEV CVSS: 9.4
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
High
CVSS: 7.8
Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
High
CVSS: 7.6
A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations.
Also note: this vul…
High
CVSS: 7.8
Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic links and other methods to delete any f…
High
CVSS: 7.8
Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
High
CVSS: 7.8
Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
High
CVSS: 7.8
Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
High
CVSS: 7.7
A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. This is similar to, but not identical to CVE-2025-49215.
Please note: a…
Critical
CVSS: 9.8
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is i…
Critical
CVSS: 9.8
An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations.
High
CVSS: 8.8
A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-…
High
CVSS: 8.8
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations.
Please note: an attacker must first obtain the ability to exec…
Critical
CVSS: 9.8
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is i…
Critical
CVSS: 9.8
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is i…
High
CVSS: 7.7
A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged…
Medium
CVSS: 6.7
Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context…