VYPR
Vendor

Veeam

Products
17
CVEs
81
Across products
90
Status
Private

Products

17

Recent CVEs

81
View all 81 CVEs →
  • CVE-2024-42448CriDec 12, 2024
    risk 0.69cvss 9.9epss 0.20

    From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.

  • CVE-2024-39714CriSep 7, 2024
    risk 0.65cvss 9.9epss 0.01

    A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server.

  • CVE-2026-21708CriMar 12, 2026
    risk 0.64cvss 9.9epss 0.01

    A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.

  • CVE-2026-21669CriMar 12, 2026
    risk 0.64cvss 9.9epss 0.01

    A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

  • CVE-2024-38650CriSep 7, 2024
    risk 0.64cvss 9.9epss 0.01

    An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server.

  • CVE-2024-1244CriJun 11, 2025
    risk 0.62cvss epss 0.00

    Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine…

  • CVE-2026-44963CriJun 9, 2026
    risk 0.61cvss epss 0.02

    A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.

  • CVE-2026-32998CriMay 28, 2026
    risk 0.61cvss epss 0.00

    This vulnerability in Veeam Service Provider Console allows for remote code execution.

  • CVE-2026-21671CriMar 12, 2026
    risk 0.59cvss 9.1epss 0.01

    A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.

  • CVE-2025-23114CriFeb 5, 2025
    risk 0.59cvss 9.0epss 0.01

    A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate TLS certificate.

  • CVE-2026-21672HigMar 12, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers.

  • CVE-2026-21668HigMar 12, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.

  • CVE-2026-32997HigMay 28, 2026
    risk 0.56cvss epss 0.01

    A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Veeam Backup & Replication server.

  • CVE-2025-32406HigApr 8, 2025
    risk 0.56cvss 8.6epss 0.00

    An XXE issue in the Director NBR component in NAKIVO Backup & Replication 10.3.x through 11.0.1 before 11.0.2 allows remote attackers fetch and parse the XML response.

  • CVE-2024-39715HigSep 7, 2024
    risk 0.56cvss 8.5epss 0.01

    A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server.

  • CVE-2024-38651HigSep 7, 2024
    risk 0.56cvss 8.5epss 0.01

    A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server.

  • CVE-2025-22447HigMar 6, 2025
    risk 0.51cvss 7.8epss 0.00

    Incorrect access permission of a specific service issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege.

  • CVE-2024-23774HigApr 30, 2024
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An unquoted Windows search path vulnerability exists in the KSchedulerSvc.exe and AMPTools.exe components. This allows local attackers to execute code of their choice with NT Authority\SYSTEM…

  • CVE-2024-23773HigApr 30, 2024
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file delete vulnerability exists in the KSchedulerSvc.exe component. Local attackers can delete any file of their choice with NT Authority\SYSTEM privileges.

  • CVE-2026-21670HigMar 12, 2026
    risk 0.50cvss 7.7epss 0.00

    A vulnerability allowing a low-privileged user to extract saved SSH credentials.