PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of PEAK-System Driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVE-2025-30642

A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service DoS situation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

CVE-2025-30640

A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

CVE-2025-49218

A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. This is similar to, but not identical to CVE-2025-49215. Please note: an attacker must first obtain the ability to execute...

CVE-2025-49218

CVE-2025-49218 describes a post-auth SQL injection vulnerability in Trend Micro Endpoint Encryption PolicyServer that could allow privilege escalation. The affected component is the PolicyServer’s handling of SQL queries after an attacker already has execution capability with low privileges on th...

CVE-2025-49215

A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this...

CVE-2025-49211

A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability...

CVE-2025-49211

A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability...

CVE-2025-30642

CVE-2025-30642 concerns a local DoS in Trend Micro Deep Security Agent 20.0 caused by a link-following issue in the Damage Cleanup Engine. An attacker who can run code with low privileges on the target can trigger a denial of service by creating a junction that leads to file deletion, according t...

CVE-2025-49156

A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

CVE-2025-49157

A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2025-49157

A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2025-49157

Summary: CVE-2025-49157 affects Trend Micro Apex One Damage Cleanup Engine. The vulnerability is a link-following issue that could allow a local attacker who can run low-privilege code to escalate privileges on affected installations. The initial report provides CVSSv3.1 parameters (Local access,...

CVE-2025-49156

A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

CVE-2025-49156

A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

CVE-2025-49156

CVE-2025-49156 affects Trend Micro Apex One scan engine and is a local privilege-escalation via a link-following vulnerability. Exploitation requires attacker code execution at low privilege with no user interaction. Impact is described as high (CVE-2025-49156). Several connected sources indicate...

CVE-2025-49154

An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an...

CVE-2025-49154

An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an...

CVE-2025-49154

CVE-2025-49154 affects Trend Micro Apex One and Trend Micro Worry-Free Business Security with an insecure access control vulnerability that can allow a local attacker to overwrite key memory-mapped files, impacting security and stability. Root cause is improper access controls; exploitation requi...

2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of 2BrightSparks SyncBackFree. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an...