Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2018-10511 | A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations. | 10.0 | 0.35% | 2018-08-15 | 2024-11-21 |
| CVE-2025-71211 | A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different executable. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via a researcher through the Zero Day Initiative. The SaaS versions of the product have already been mitigate | 9.8 | 0.57% | 2026-05-21 | 2026-05-21 |
| CVE-2025-71210 | A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via a researcher through the Zero Day Initiative. The SaaS versions of the product have already been mitigated and no customer action required. For this particular vulnerability, an attacker must have | 9.8 | 0.55% | 2026-05-21 | 2026-05-21 |
| CVE-2025-69258 | A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations. | 9.8 | 0.81% | 2026-01-08 | 2026-01-15 |
| CVE-2025-49220 | An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method. | 9.8 | 8.36% | 2025-06-17 | 2025-09-08 |
| CVE-2025-49219 | An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method. | 9.8 | 7.76% | 2025-06-17 | 2025-09-08 |
| CVE-2025-49217 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different method. | 9.8 | 2.97% | 2025-06-17 | 2025-09-08 |
| CVE-2025-49216 | An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations. | 9.8 | 0.24% | 2025-06-17 | 2025-09-08 |
| CVE-2025-49213 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method. | 9.8 | 5.27% | 2025-06-17 | 2025-09-08 |
| CVE-2025-49212 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method. | 9.8 | 5.27% | 2025-06-17 | 2025-09-08 |
| CVE-2024-48904 | An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances. Please note: authentication is not required in order to exploit this vulnerability. | 9.8 | 7.25% | 2024-10-22 | 2025-07-31 |
| CVE-2023-32557 | A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges. | 9.8 | 6.43% | 2023-06-26 | 2024-11-21 |
| CVE-2023-25143 | An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products. | 9.8 | 1.94% | 2023-03-10 | 2025-03-05 |
| CVE-2022-40144 | A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by falsifying request parameters on affected installations. | 9.8 | 1.82% | 2022-09-19 | 2024-11-21 |
| CVE-2022-26871 KEV | An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution. | 9.8 | 21.30% | 2022-03-29 | 2025-12-22 |
| CVE-2022-25330 | Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution. | 9.8 | 4.91% | 2022-02-24 | 2024-11-21 |
| CVE-2022-25329 | Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated actions. | 9.8 | 2.63% | 2022-02-24 | 2024-11-21 |
| CVE-2021-36745 | A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote attacker to bypass authentication on affected installations. | 9.8 | 18.72% | 2021-09-29 | 2024-11-21 |
| CVE-2020-8606 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance. | 9.8 | 89.60% | 2020-05-27 | 2024-11-21 |
| CVE-2020-8600 | Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication. | 9.8 | 1.14% | 2020-03-18 | 2024-11-21 |