CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2025-54948	High	5.1%	Trend MicroApex One	Trend Micro Apex One Management Console (on-premise) contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.	Aug 18, 2025	KEV
CVE-2023-41179	High	2.3%	Trend MicroApex One and Worry-Free Business Security	Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the module to conduct remote code execution. An attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.	Sep 21, 2023	KEV
CVE-2022-40139	High	12.9%	Trend MicroApex One and Apex One as a Service	Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution.	Sep 15, 2022	KEV
CVE-2022-26871	High	13.6%	Trend MicroApex Central	An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution.	Mar 31, 2022	KEV
CVE-2020-8467	High	30.2%	Trend MicroApex One and OfficeScan	Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution.	Nov 3, 2021	KEV
CVE-2019-18187	High	78.5%	Trend MicroOfficeScan	Trend Micro OfficeScan contains a directory traversal vulnerability by extracting files from a zip file to a specific folder on the OfficeScan server, leading to remote code execution.	Nov 3, 2021	KEV
CVE-2020-24557	High	1.9%	Trend MicroApex One, OfficeScan, and Worry-Free Business Security	Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function, and attain privilege escalation.	Nov 3, 2021	KEV
CVE-2020-8599	High	57.9%	Trend MicroApex One and OfficeScan	Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login.	Nov 3, 2021	KEV
CVE-2020-8468	High	18.4%	Trend MicroApex One, OfficeScan and Worry-Free Business Security Agents	Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components.	Nov 3, 2021	KEV
CVE-2021-36742	High	1.9%	Trend MicroApex One, Apex One as a Service, and Worry-Free Business Security	Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation.	Nov 3, 2021	KEV
CVE-2021-36741	High	0.6%	Trend MicroApex One, Apex One as a Service, and Worry-Free Business Security	Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files.	Nov 3, 2021	KEV

CVE-2025-54948KEV

High

Trend Micro Apex One Management Console (on-premise) contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.

Trend MicroEPSS 5.1%

CVE-2023-41179KEV

High

Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the module to conduct remote code execution. An attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.

Trend MicroEPSS 2.3%

CVE-2022-40139KEV

High

Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution.

Trend MicroEPSS 12.9%

CVE-2022-26871KEV

High

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution.

Trend MicroEPSS 13.6%

CVE-2020-8467KEV

High

Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution.

Trend MicroEPSS 30.2%

CVE-2019-18187KEV

High

Trend Micro OfficeScan contains a directory traversal vulnerability by extracting files from a zip file to a specific folder on the OfficeScan server, leading to remote code execution.

Trend MicroEPSS 78.5%

CVE-2020-24557KEV

High

Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function, and attain privilege escalation.

Trend MicroEPSS 1.9%

CVE-2020-8599KEV

High

Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login.

Trend MicroEPSS 57.9%

CVE-2020-8468KEV

High

Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components.

Trend MicroEPSS 18.4%

CVE-2021-36742KEV

High

Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation.

Trend MicroEPSS 1.9%

CVE-2021-36741KEV

High

Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files.

Trend MicroEPSS 0.6%