Vulnerabilities in Trend Micro, Inc.
180 resultsCVE-2023-32534—Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an atEPSS 0.7%CVE-2022-45797HIGHAn arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a ServicEPSS 0.6%CVE-2025-53378HIGHA missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticaEPSS 0.6%CVE-2024-23940HIGHTrend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable toEPSS 0.6%CVE-2024-37289HIGHAn improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installatioEPSS 0.6%CVE-2023-32552—An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certainEPSS 0.6%CVE-2024-36306MEDIUMA link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to cEPSS 0.6%CVE-2022-44653HIGHA security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalatEPSS 0.6%CVE-2023-52331HIGHA post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could allow an attacker to interact with iEPSS 0.6%CVE-2024-36302HIGHAn origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affecteEPSS 0.6%CVE-2025-71212HIGHA link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected instaEPSS 0.5%CVE-2024-36358HIGHA link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate priEPSS 0.5%CVE-2023-41177MEDIUMReflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticEPSS 0.5%CVE-2023-32553—An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certainEPSS 0.5%CVE-2025-49216CRITICALAn authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as EPSS 0.5%CVE-2023-47202HIGHA local file inclusion vulnerability on the Trend Micro Apex One management server could allow a local attacker to escalate privileges on afEPSS 0.5%CVE-2024-52050HIGHA LogServer arbitrary file creation vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected inEPSS 0.5%CVE-2017-11379—Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1.EPSS 0.5%CVE-2024-36304HIGHA Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalaEPSS 0.4%CVE-2023-25145HIGHA link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges onEPSS 0.4%