Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2023-32521 | A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files. | 9.1 | 68.94% | 2023-06-26 | 2026-06-17 |
| CVE-2023-0587 | A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\SampleSubmission) on the server. The attacker can upload a large number of large files to fill up the file system on which the Apex One server is installed. | 9.1 | 59.59% | 2023-01-31 | 2026-06-17 |
| CVE-2020-8466 | A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password. | 9.8 | 63.71% | 2020-12-17 | 2026-06-16 |
| CVE-2020-28578 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. | 9.8 | 72.27% | 2020-11-18 | 2026-06-16 |
| CVE-2020-8606 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance. | 9.8 | 72.74% | 2020-05-27 | 2026-06-16 |
| CVE-2020-8605 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability. | 8.8 | 87.58% | 2020-05-27 | 2026-06-16 |
| CVE-2020-8604 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected installations. | 7.5 | 89.66% | 2020-05-27 | 2026-06-16 |
| CVE-2018-10357 | A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability. | 8.8 | 73.93% | 2018-05-23 | 2026-06-16 |
| CVE-2018-3604 | GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 8.8 | 68.58% | 2018-02-09 | 2026-06-16 |
| CVE-2017-14078 | SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | 9.8 | 50.17% | 2017-09-22 | 2026-06-16 |
| CVE-2017-11394 | Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544. | 9.8 | 66.77% | 2017-08-03 | 2026-06-16 |
| CVE-2017-11391 | Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744. | 8.8 | 61.78% | 2017-08-03 | 2026-06-16 |