CVE-2025-49218

CVE-2025-49218 describes a post-auth SQL injection vulnerability in Trend Micro Endpoint Encryption PolicyServer that could allow privilege escalation. The affected component is the PolicyServer’s handling of SQL queries after an attacker already has execution capability with low privileges on th...

CVE-2025-49215

A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this...

CVE-2025-49211

A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability...

CVE-2025-49211

A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability...

CVE-2025-30642

CVE-2025-30642 concerns a local DoS in Trend Micro Deep Security Agent 20.0 caused by a link-following issue in the Damage Cleanup Engine. An attacker who can run code with low privileges on the target can trigger a denial of service by creating a junction that leads to file deletion, according t...

CVE-2025-49156

A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

CVE-2025-49157

A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2025-49157

Summary: CVE-2025-49157 affects Trend Micro Apex One Damage Cleanup Engine. The vulnerability is a link-following issue that could allow a local attacker who can run low-privilege code to escalate privileges on affected installations. The initial report provides CVSSv3.1 parameters (Local access,...

CVE-2025-49157

A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2025-49156

A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

CVE-2025-49156

A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

CVE-2025-49156

CVE-2025-49156 affects Trend Micro Apex One scan engine and is a local privilege-escalation via a link-following vulnerability. Exploitation requires attacker code execution at low privilege with no user interaction. Impact is described as high (CVE-2025-49156). Several connected sources indicate...

CVE-2025-49154

CVE-2025-49154 affects Trend Micro Apex One and Trend Micro Worry-Free Business Security with an insecure access control vulnerability that can allow a local attacker to overwrite key memory-mapped files, impacting security and stability. Root cause is improper access controls; exploitation requi...

CVE-2025-49154

An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an...

CVE-2025-49154

An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an...

VulnCheck KEV: CVE-2021-31728

Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 allows a non-privileged process to open a handle to .\ZemanaAntiMalware, register itself with the driver by sending IOCTL 0x80002010, allocate executable memory using a flaw in IOCTL 0x80002040, install a...

CVE-2025-25021

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged execute code in case management script creation due to the improper generation of code...

CVE-2025-25021

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged execute code in case management script creation due to the improper generation of code...

2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of 2BrightSparks SyncBackFree. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an...

CVE-2024-46903

A vulnerability in Trend Micro Deep Discovery Inspector DDI versions 5.8 and above could allow an attacker to disclose sensitive information affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...