Total CVEs

144,278

Critical Severity

4,164

High Severity

14,985

Last 7 Days

1,599
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 13,661 - 13,680 of 40,683 CVEs
CVE-2026-1815 MEDIUM - 5.7

Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13.

Published: May 21, 2026
Source: NVD
CVE-2026-45208 HIGH - 7.8

A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Vendor: Trend Micro, Inc.
Product: TrendAI Apex One, TrendAI Apex One as a Service
Published: May 21, 2026
Source: NVD
CVE-2026-45207 HIGH - 7.8

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different process protection communication mechanism. Please note: an attacker must first obtain the ability ...

Vendor: Trend Micro, Inc.
Product: TrendAI Apex One, TrendAI Apex One as a Service
Published: May 21, 2026
Source: NVD
CVE-2026-45206 HIGH - 7.8

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism. Please note: an attacker must first obtain the ability ...

Vendor: Trend Micro, Inc.
Product: TrendAI Apex One, TrendAI Apex One as a Service
Published: May 21, 2026
Source: NVD
CVE-2026-34930 HIGH - 7.8

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism. Please note: an attacker must first obtain the ability to execute low...

Vendor: Trend Micro, Inc.
Product: TrendAI Apex One, TrendAI Apex One as a Service
Published: May 21, 2026
Source: NVD
CVE-2026-34929 HIGH - 7.8

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism. Please note: an attacker must first obtain the ability to ex...

Vendor: Trend Micro, Inc.
Product: TrendAI Apex One, TrendAI Apex One as a Service
Published: May 21, 2026
Source: NVD
CVE-2026-34928 HIGH - 7.8

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different named pipe communication mechanism. Please note: an attacker must first obtain the ability to execu...

Vendor: Trend Micro, Inc.
Product: TrendAI Apex One, TrendAI Apex One as a Service
Published: May 21, 2026
Source: NVD
CVE-2026-34927 HIGH - 7.8

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Vendor: Trend Micro, Inc.
Product: TrendAI Apex One, TrendAI Apex One as a Service
Published: May 21, 2026
Source: NVD
CVE-2026-34926 MEDIUM - 6.7

A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Ap...

Vendor: Trend Micro, Inc.
Product: TrendAI Apex One, TrendAI Apex One as a Service
Published: May 21, 2026
Source: NVD
CVE-2026-2740 HIGH - 8.4

Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency.

Published: May 21, 2026
Source: NVD
CVE-2025-71217 HIGH - 7.8

An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in o...

Vendor: Trend Micro, Inc.
Product: TrendAI Apex One (Mac)
Published: May 21, 2026
Source: NVD
CVE-2025-71216 HIGH - 7.8

A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to e...

Vendor: Trend Micro, Inc.
Product: TrendAI Apex One (Mac)
Published: May 21, 2026
Source: NVD
CVE-2025-71215 HIGH - 7.0

A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target...

Vendor: Trend Micro, Inc.
Product: TrendAI Apex One (Mac)
Published: May 21, 2026
Source: NVD
CVE-2025-71214 HIGH - 7.8

An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to expl...

Vendor: Trend Micro, Inc.
Product: TrendAI Apex One (Mac)
Published: May 21, 2026
Source: NVD
CVE-2025-71213 HIGH - 7.8

An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Vendor: Trend Micro, Inc.
Product: TrendAI Apex One, TrendAI Apex One as a Service
Published: May 21, 2026
Source: NVD
CVE-2025-71212 HIGH - 7.8

A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Vendor: Trend Micro, Inc.
Product: TrendAI Apex One, TrendAI Apex One as a Service
Published: May 21, 2026
Source: NVD
CVE-2025-71211 CRITICAL - 9.8

A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different executable. Please note: although this vulnerabil...

Vendor: Trend Micro, Inc.
Product: TrendAI Apex One, TrendAI Apex One as a Service
Published: May 21, 2026
Source: NVD
CVE-2025-71210 CRITICAL - 9.8

A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via...

Vendor: Trend Micro, Inc.
Product: TrendAI Apex One, TrendAI Apex One as a Service
Published: May 21, 2026
Source: NVD
CVE-2025-13479 HIGH - 7.5

Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers. This issue affects QR Menu: through 21052026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

Vendor: PosCube Hardware Software and Consulting Ltd.
Product: QR Menu
Published: May 21, 2026
Source: NVD
CVE-2025-13477 HIGH - 7.1

Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this disclos...

Vendor: Digital Operations Services Inc.
Product: WifiBurada
Published: May 21, 2026
Source: NVD