Affected Products

Vendor / product matrix with CVE counts sourced from the CPE catalog.

Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
veeam
541147.0%CRITICAL

Related CVEs

41
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2026-21708A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.CRITICAL9.961.3%Mar 12, 2026
CVE-2026-21671A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.CRITICAL9.167.5%Mar 12, 2026
CVE-2026-21670A vulnerability allowing a low-privileged user to extract saved SSH credentials.MEDIUM6.531.9%Mar 12, 2026
CVE-2026-21669A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.CRITICAL9.963.6%Mar 12, 2026
CVE-2026-21668A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.MEDIUM6.539.6%Mar 12, 2026
CVE-2026-21667A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.HIGH8.862.3%Mar 12, 2026
CVE-2026-21666A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.HIGH8.862.3%Mar 12, 2026
CVE-2025-59470This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.CRITICAL9.070.8%Jan 8, 2026
CVE-2025-59469This vulnerability allows a Backup or Tape Operator to write files as root.CRITICAL9.044.6%Jan 8, 2026
CVE-2025-59468This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter.CRITICAL9.162.6%Jan 8, 2026
CVE-2025-55125This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file.CRITICAL9.852.0%Jan 8, 2026
CVE-2025-48984A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.HIGH8.857.7%Oct 31, 2025
CVE-2025-48983A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user.CRITICAL9.951.9%Oct 31, 2025
CVE-2025-48982This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file.HIGH7.85.6%Oct 31, 2025
CVE-2025-24286A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code.MEDIUM4.995.2%Jun 19, 2025
CVE-2025-23121A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain userHIGH8.895.5%Jun 19, 2025
CVE-2025-23120A vulnerability allowing remote code execution (RCE) for domain users.HIGH8.896.9%Mar 20, 2025
CVE-2025-23082Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.NONE24.6%Jan 14, 2025
CVE-2024-45207DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of servicesNONE7.4%Dec 4, 2024
CVE-2024-45206A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.NONE14.6%Dec 4, 2024