CISA Catalog
Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.
KEV Entries: 1,619
Ransomware Use: 327
Overdue: 1,615
Vendors: 266
Products: 655
12 results · Page 1/1
Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
Trend Micro · Apex One
Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Trend Micro Apex One OS Command Injection Vulnerability
Trend Micro · Apex One
Trend Micro Apex One Management Console (on-premise) contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability
Trend Micro · Apex One and Worry-Free Business Security
Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the module to conduct remote code execution. An attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability
Trend Micro · Apex One and Apex One as a Service
Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution.
Required Action
Apply updates per vendor instructions.
Trend Micro Apex Central Arbitrary File Upload Vulnerability
Trend Micro · Apex Central
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution.
Required Action
Apply updates per vendor instructions.
Trend Micro OfficeScan Directory Traversal Vulnerability
Trend Micro · OfficeScan
Trend Micro OfficeScan contains a directory traversal vulnerability that can be exploited by extracting files from a zip file to a specific folder on the OfficeScan server, leading to remote code execution.
Required Action
Apply updates per vendor instructions.
Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability
Trend Micro · Apex One and OfficeScan
Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution.
Required Action
Apply updates per vendor instructions.
Trend Micro Multiple Products Content Validation Escape Vulnerability
Trend Micro · Apex One, OfficeScan and Worry-Free Business Security Agents
Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components.
Required Action
Apply updates per vendor instructions.
Trend Micro Multiple Products Improper Access Control Vulnerability
Trend Micro · Apex One, OfficeScan, and Worry-Free Business Security
Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function, and attain privilege escalation.
Required Action
Apply updates per vendor instructions.
Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability
Trend Micro · Apex One and OfficeScan
Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login.
Required Action
Apply updates per vendor instructions.
Trend Micro Multiple Products Improper Input Validation Vulnerability
Trend Micro · Apex One, Apex One as a Service, and Worry-Free Business Security
Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation.
Required Action
Apply updates per vendor instructions.
Trend Micro Multiple Products Improper Input Validation Vulnerability
Trend Micro · Apex One, Apex One as a Service, and Worry-Free Business Security
Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files.
Required Action
Apply updates per vendor instructions.