Filtered by vendor Veeam
Subscribe
Total
64 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-59470 | 1 Veeam | 1 Veeam Backup \& Replication | 2026-01-14 | N/A | 9.0 CRITICAL |
| This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter. | |||||
| CVE-2025-59469 | 1 Veeam | 1 Veeam Backup \& Replication | 2026-01-14 | N/A | 9.0 CRITICAL |
| This vulnerability allows a Backup or Tape Operator to write files as root. | |||||
| CVE-2025-59468 | 1 Veeam | 1 Veeam Backup \& Replication | 2026-01-14 | N/A | 9.0 CRITICAL |
| This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter. | |||||
| CVE-2025-55125 | 1 Veeam | 1 Veeam Backup \& Replication | 2026-01-12 | N/A | 7.8 HIGH |
| This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file. | |||||
| CVE-2025-48983 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-12-01 | N/A | 9.9 CRITICAL |
| A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user. | |||||
| CVE-2025-48982 | 1 Veeam | 1 Veeam Agent For Windows | 2025-12-01 | N/A | 7.8 HIGH |
| This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file. | |||||
| CVE-2025-23082 | 1 Veeam | 1 Backup | 2025-11-18 | N/A | 7.2 HIGH |
| Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2025-48984 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-11-11 | N/A | 8.8 HIGH |
| A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user. | |||||
| CVE-2023-27532 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-11-03 | N/A | 7.5 HIGH |
| Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts. | |||||
| CVE-2022-26500 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-11-03 | 6.5 MEDIUM | 8.8 HIGH |
| Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code. | |||||
| CVE-2022-26501 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-11-03 | 10.0 HIGH | 9.8 CRITICAL |
| Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). | |||||
| CVE-2024-40711 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-10-30 | N/A | 9.8 CRITICAL |
| A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). | |||||
| CVE-2025-24286 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-07-16 | N/A | 7.2 HIGH |
| A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code. | |||||
| CVE-2025-23121 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-07-15 | N/A | 8.8 HIGH |
| A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user | |||||
| CVE-2024-29855 | 1 Veeam | 1 Recovery Orchestrator | 2025-07-14 | N/A | 9.0 CRITICAL |
| Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator | |||||
| CVE-2024-40715 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-07-11 | N/A | 7.7 HIGH |
| A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform Man-in-the-Middle (MITM) attack to exploit this vulnerability. | |||||
| CVE-2024-29849 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-07-03 | N/A | 9.8 CRITICAL |
| Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface. | |||||
| CVE-2024-29850 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-07-03 | N/A | 8.8 HIGH |
| Veeam Backup Enterprise Manager allows account takeover via NTLM relay. | |||||
| CVE-2024-29851 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-07-03 | N/A | 7.2 HIGH |
| Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account. | |||||
| CVE-2024-29852 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-07-03 | N/A | 2.7 LOW |
| Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs. | |||||