Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,503 matching · page 272/691Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-49218(opens NVD record) | High | 7.7 | A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. This is similar to, but not identical to CVE-2025-49215. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | Jun 17, 2025 |
| CVE-2025-49217(opens NVD record) | Critical | 9.8 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different method. | Jun 17, 2025 |
| CVE-2025-49216(opens NVD record) | Critical | 9.8 | An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations. | Jun 17, 2025 |
| CVE-2025-49215(opens NVD record) | High | 8.8 | A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | Jun 17, 2025 |
| CVE-2025-49214(opens NVD record) | High | 8.8 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | Jun 17, 2025 |
| CVE-2025-49213(opens NVD record) | Critical | 9.8 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method. | Jun 17, 2025 |
| CVE-2025-49212(opens NVD record) | Critical | 9.8 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method. | Jun 17, 2025 |
| CVE-2025-49211(opens NVD record) | High | 7.7 | A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | Jun 17, 2025 |
| CVE-2025-48443(opens NVD record) | Medium | 6.7 | Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administrator when the administrator installs Trend Micro Password Manager. | Jun 17, 2025 |
| CVE-2025-30642(opens NVD record) | Medium | 5.5 | A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Jun 17, 2025 |
| CVE-2025-30641(opens NVD record) | High | 7.8 | A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Jun 17, 2025 |
| CVE-2025-30640(opens NVD record) | High | 7.8 | A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Jun 17, 2025 |
| CVE-2025-30680(opens NVD record) | High | 7.1 | A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. Please note: this vulnerability only affects the SaaS instance of Apex Central - customers that automatically apply Trend Micro's monthly maintenance releases to the SaaS instance do not have to take any further action. | Jun 17, 2025 |
| CVE-2025-30679(opens NVD record) | Medium | 6.5 | A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. | Jun 17, 2025 |
| CVE-2025-30678(opens NVD record) | Medium | 6.5 | A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. | Jun 17, 2025 |
| CVE-2025-49487(opens NVD record) | Medium | 6.8 | An uncontrolled search path vulnerability in the Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an attacker with physical access to a machine to execute arbitrary code on affected installations. An attacker must have had physical access to the target system in order to exploit this vulnerability due to need to access a certain hardware component. Also note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise version of Worry-Free Business Security was not affected, and this issue was addressed in a previous WFBSS monthly maintenance update. Therefore no other customer action is required to mitigate if the WFBSS agents are on the regular SaaS maintenance deployment schedule and this disclosure is for informational purposes only. | Jun 17, 2025 |
| CVE-2025-49158(opens NVD record) | Medium | 6.7 | An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Jun 17, 2025 |
| CVE-2025-49157(opens NVD record) | High | 7.8 | A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Jun 17, 2025 |
| CVE-2025-49156(opens NVD record) | High | 7.0 | A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Jun 17, 2025 |
| CVE-2025-49155(opens NVD record) | High | 8.8 | An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations. | Jun 17, 2025 |
| CVE-2025-49154(opens NVD record) | High | 8.7 | An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Jun 17, 2025 |
| CVE-2025-49220(opens NVD record) | Critical | 9.8 | An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method. | Jun 17, 2025 |
| CVE-2025-49219(opens NVD record) | Critical | 9.8 | An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method. | Jun 17, 2025 |
| CVE-2025-47867(opens NVD record) | High | 7.5 | A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations. | Jun 17, 2025 |
| CVE-2025-47866(opens NVD record) | Medium | 4.3 | An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations. | Jun 17, 2025 |
| CVE-2025-47865(opens NVD record) | High | 7.5 | A Local File Inclusion vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to gain remote code execution on affected installations. | Jun 17, 2025 |
| CVE-2025-33122(opens NVD record) | High | 7.5 | IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege. | Jun 17, 2025 |
| CVE-2025-6199(opens NVD record) | Low | 3.3 | A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image. | Jun 17, 2025 |
| CVE-2025-6196(opens NVD record) | Medium | 5.5 | A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service. | Jun 17, 2025 |
| CVE-2025-4879(opens NVD record) | High | 7.8 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | Jun 17, 2025 |
| CVE-2025-0320(opens NVD record) | High | 7.8 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows | Jun 17, 2025 |
| CVE-2025-5777(opens NVD record) | High | 7.5 | Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | Jun 17, 2025 |
| CVE-2025-5349(opens NVD record) | High | 8.8 | Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway | Jun 17, 2025 |
| CVE-2025-4365(opens NVD record) | High | 7.5 | Arbitrary file read in NetScaler Console and NetScaler SDX (SVM) | Jun 17, 2025 |
| CVE-2025-5309(opens NVD record) | Critical | 9.8 | The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution. | Jun 16, 2025 |
| CVE-2025-6170(opens NVD record) | Low | 2.5 | A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections. | Jun 16, 2025 |
| CVE-2025-49795(opens NVD record) | High | 7.5 | A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service. | Jun 16, 2025 |
| CVE-2025-36632(opens NVD record) | High | 7.8 | In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege. | Jun 16, 2025 |
| CVE-2025-36041(opens NVD record) | Medium | 4.7 | IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions. | Jun 15, 2025 |
| CVE-2025-1411(opens NVD record) | High | 7.8 | IBM Security Verify Directory Container 10.0.0.0 through 10.0.3.1 could allow a local user to execute commands as root due to execution with unnecessary privileges. | Jun 15, 2025 |
| CVE-2025-33108(opens NVD record) | High | 8.5 | IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to a library unqualified call made by a BRMS program. A malicious actor could cause user-controlled code to run with component access to the host operating system. | Jun 14, 2025 |
| CVE-2025-6083(opens NVD record) | Medium | 4.3 | In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the owner_id filter. This issue may allow users to search data across the entire table instead of being restricted to their specific owner_id. | Jun 13, 2025 |
| CVE-2025-6035(opens NVD record) | Medium | 6.1 | A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios. | Jun 13, 2025 |
| CVE-2025-36633(opens NVD record) | High | 8.8 | In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation. | Jun 13, 2025 |
| CVE-2025-36631(opens NVD record) | High | 8.4 | In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege. | Jun 13, 2025 |
| CVE-2025-46060(opens NVD record) | Critical | 9.8 | Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component | Jun 13, 2025 |
| CVE-2025-4227(opens NVD record) | Low | 3.5 | An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Palo Alto Networks GlobalProtect™ app allows certain packets to remain unencrypted instead of being properly secured within the tunnel. An attacker with physical access to the network can inject rogue devices to intercept these packets. Under normal operating conditions, the GlobalProtect app automatically recovers from this interception within one minute. | Jun 13, 2025 |
| CVE-2025-47959(opens NVD record) | High | 7.1 | Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network. | Jun 13, 2025 |
| CVE-2025-30399(opens NVD record) | High | 7.5 | Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. | Jun 13, 2025 |
| CVE-2025-4232(opens NVD record) | High | 8.8 | An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root. | Jun 13, 2025 |