CVE 清單 – 發現高風險與在野利用漏洞

聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。

指派機構(CNA / 來源):[email protected] 移除此篩選

顯示 4160506 筆結果
CVE 描述 最高 CVSS EPSS % 公開時間 更新時間
CVE-2025-30679 A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. 6.5 0.29% 2025-06-17 2026-06-17
CVE-2025-30678 A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. 6.5 0.29% 2025-06-17 2026-06-17
CVE-2025-49487 An uncontrolled search path vulnerability in the Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an attacker with physical access to a machine to execute arbitrary code on affected installations. An attacker must have had physical access to the target system in order to exploit this vulnerability due to need to access a certain hardware component. Also note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise ver 6.8 0.17% 2025-06-17 2026-06-17
CVE-2025-49158 An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 6.7 0.05% 2025-06-17 2026-06-17
CVE-2025-49157 A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 7.8 0.16% 2025-06-17 2026-06-17
CVE-2025-49156 A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 7.0 0.08% 2025-06-17 2026-06-17
CVE-2025-49155 An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations. 8.8 0.79% 2025-06-17 2026-06-17
CVE-2025-49154 An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 8.7 0.05% 2025-06-17 2026-06-17
CVE-2025-49220 An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method. 9.8 1.93% 2025-06-17 2026-06-17
CVE-2025-49219 An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method. 9.8 1.33% 2025-06-17 2026-06-17
CVE-2025-47867 A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations. 7.5 1.60% 2025-06-17 2026-06-17
CVE-2025-47866 An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations. 4.3 0.24% 2025-06-17 2026-06-17
CVE-2025-47865 A Local File Inclusion vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to gain remote code execution on affected installations. 7.5 1.56% 2025-06-17 2026-06-17
CVE-2025-31286 An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability. 4.6 0.38% 2025-04-02 2026-06-17
CVE-2025-31285 A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. 4.6 0.26% 2025-04-02 2026-06-17
CVE-2025-31284 A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. 4.6 0.26% 2025-04-02 2026-06-17
CVE-2025-31283 A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. 4.6 0.26% 2025-04-02 2026-06-17
CVE-2025-31282 A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. 4.6 0.26% 2025-04-02 2026-06-17
CVE-2024-58105 A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE address an addtional bypass not covered in CVE-2024-58104. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 7.3 0.15% 2025-03-25 2026-06-17
CVE-2024-58104 A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 7.3 0.15% 2025-03-25 2026-06-17
cvelogic Threat Intelligence