Backup And Replication

A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Veeam Backup & Replication server.

Published: 2026-05-28T04:01:37.753Z
Updated: 2026-05-29T03:55:46.602Z

This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.

Published: 2026-05-28T04:01:37.686Z
Updated: 2026-05-29T03:55:48.045Z

A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement.

Published: 2026-04-17T15:32:10.755Z
Updated: 2026-04-20T14:06:52.636Z

A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.

Published: 2026-03-12T16:26:52.931Z
Updated: 2026-05-10T12:51:15.514Z

A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers.

Published: 2026-03-12T16:26:52.213Z
Updated: 2026-05-10T13:00:07.736Z

A vulnerability allowing a low-privileged user to extract saved SSH credentials.

Published: 2026-03-12T15:09:39.200Z
Updated: 2026-05-10T12:53:07.750Z

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

Published: 2026-03-12T15:09:39.284Z
Updated: 2026-05-10T13:34:10.673Z

A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.

Published: 2026-03-12T15:09:39.335Z
Updated: 2026-05-10T13:33:44.706Z

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

Published: 2026-03-12T15:09:39.148Z
Updated: 2026-03-13T03:55:44.508Z

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

Published: 2026-03-12T15:09:39.180Z
Updated: 2026-03-13T03:55:43.772Z

A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.

Published: 2025-10-30T23:31:34.218Z
Updated: 2026-02-26T16:56:46.096Z

A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user.

Published: 2025-10-30T23:33:01.993Z
Updated: 2026-02-26T16:56:45.241Z

A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized access, enabling the user to call privileged methods and initiate critical services. The issue arises due to insufficient permission requirements on the method, allowing users with low privileges to perform actions that should require higher-level permissions.

Published: 2024-12-04T01:06:04.627Z
Updated: 2024-12-04T16:48:57.686Z

A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The vulnerability is caused by an insufficient blacklist during the deserialization process.

Published: 2024-12-04T01:06:04.626Z
Updated: 2024-12-05T10:59:46.913Z

A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution (RCE) by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network share and are executed with elevated privileges by default. The user can update a job and schedule it to run almost immediately, allowing arbitrary code execution on the server.

Published: 2024-12-04T01:06:04.636Z
Updated: 2025-03-13T17:40:27.483Z