Microsoft: Security Vulnerabilities
An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method.
CVSS Score
9.8
EPSS Score
0.026
Published
2025-06-17
A Local File Inclusion vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to gain remote code execution on affected installations.
CVSS Score
7.5
EPSS Score
0.005
Published
2025-06-17
An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-06-17
A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations.
CVSS Score
7.5
EPSS Score
0.005
Published
2025-06-17
An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.
CVSS Score
9.8
EPSS Score
0.026
Published
2025-06-17
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows
CVSS Score
7.8
EPSS Score
0.0
Published
2025-06-17
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-06-13
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-06-13
Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users into downloading a malicious ad template
CVSS Score
8.8
EPSS Score
0.002
Published
2025-06-12
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-06-11