
46 matches found

Tenable Nessus
added 2026/04/23 12:0 a.m. | 5 views

Veeam Backup and Replication 12.x < 12.3.2.4465 Multiple Vulnerabilities (KB4830)

The version of Veeam Backup and Replication installed on the remote Windows host is 12.x prior to 12.3.2.4465. It is, therefore, affected by multiple vulnerabilities, including: - A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server...

CVSS 9.9 | AI score 8.8 | EPSS 0.01518
Exploits: 0 | References: 7
Zero Day Initiative
added 2026/04/15 12:0 a.m. | 3 views

QNAP TS-453E QVRPro excpostgres Exposed Dangerous Method Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the QVRPro Plugin. The issue results from an exposed dangerous method. An...

CVSS 8.8 | AI score 7.8 | EPSS 0.00593
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/26 3:4 p.m. | 2 views

CVE-2026-21708

A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user...

CVSS 9.9 | AI score 7.8 | EPSS 0.01518
Exploits: 0 | References: 1
NVD
added 2026/03/20 5:16 a.m. | 2 views

CVE-2026-32950

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution (RCE), allowing any authenticated user even the...

CVSS 8.8 | EPSS 0.00241
Exploits: 1 | References: 3
Cvelist
added 2026/03/20 4:14 a.m. | 17 views

CVE-2026-32950 SQLBot: RCE via SQL Injection in Excel Upload Endpoint

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution (RCE), allowing any authenticated user even the...

CVSS 8.6 | EPSS 0.00241
Exploits: 1 | References: 3
CVE
added 2026/03/19 8:55 p.m. | 8 views

CVE-2026-32622

SQLBot (versions ≤ 1.5.x) exposes a Stored Prompt Injection vulnerability consisting of three chained flaws: (1) missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology, (2) unsanitized storage of terminology descriptions containing dangero...

CVSS 8.8 | AI score 6 | EPSS 0.00449
Exploits: 1 | References: 2 | Affected Software: 1
The Hacker News
added 2026/03/13 4:15 a.m. | 7 views

Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution

Veeam has released security updates to address multiple critical vulnerabilities in its Backup & Replication software that, if successfully exploited, could result in remote code execution. The vulnerabilities are as follows - CVE-2026-21666 CVSS score: 9.9 - A vulnerability that allows an...

CVSS 9.9 | AI score 6.5 | EPSS 0.01518
Exploits: 0
EUVD
added 2026/03/12 6:30 p.m. | 1 views

EUVD-2026-11597

A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user...

CVSS 9.9 | AI score 6.4 | EPSS 0.01518
Exploits: 0 | References: 3
NVD
added 2026/03/12 5:16 p.m. | 1 views

CVE-2026-21708

A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user...

CVSS 9.9 | EPSS 0.01518
Exploits: 0 | References: 2
Cvelist
added 2026/03/12 4:26 p.m. | 23 views

CVE-2026-21708

A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user...

EPSS 0.01518
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/12 4:26 p.m. | 2 views

CVE-2026-21708

A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user...

AI score 6.4 | EPSS 0.01518
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2026/03/12 4:26 p.m. | 10 views

CVE-2026-21708

CVE-2026-21708 : In Veeam Backup & Replication, a vulnerability allows a Backup Viewer to perform remote code execution (RCE) with the privileges of the PostgreSQL user. Affected are 12.x versions prior to 12.3.2.4465; CVE-21708 is also addressed in 13.0.1.2067 (alongside other fixes). The connec...

CVSS 9.9 | AI score 6.4 | EPSS 0.01518
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/12 4:26 p.m. | 0 views

CVE-2026-21708

A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user...

AI score 6.4 | EPSS 0.01518
Exploits: 0 | References: 2
NCSC
added 2026/03/12 2:54 p.m. | 1 views

Vulnerabilities fixed in Veeam Backup & Replication

Veeam has fixed vulnerabilities in Veeam Backup & Replication. The vulnerabilities allow an authenticated domain user to remotely execute code on the backup server, which can lead to unauthorized control of backup operations. This issue is present in the backup server environment and can be...

CVSS 9.9 | AI score 6 | EPSS 0.01518
Exploits: 0 | References: 2
CNNVD
added 2026/03/12 12:0 a.m. | 2 views

Veeam Backup And Replication Security Vulnerability

Veeam Backup and Replication is a backup and replication software developed by the American company Veeam. There is a security vulnerability in Veeam Backup and Replication, which stems from allowing backup administrators to execute remote code as the postgres user...

CVSS 9.9 | AI score 7.5 | EPSS 0.01518
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/12 12:0 a.m. | 2 views

PT-2026-25006

Name of the Vulnerable Software and Affected Versions: Veeam Backup and Recovery (affected versions not specified). Description: A flaw exists that allows a Backup Viewer to execute code remotely as the postgres user. This issue has a CVSS score of 10.0 and is considered critical. The vulnerability...

CVSS 9.9 | AI score 7.5 | EPSS 0.01518
Exploits: 0 | References: 19
NVD
added 2026/02/19 9:18 p.m. | 1 views

CVE-2025-67305

In RUCKUS Network Director (RND) 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the...

CVSS 9.8 | EPSS 0.00084
Exploits: 1 | References: 2
Positive Technologies
added 2026/02/19 12:0 a.m. | 3 views

PT-2026-20926

Name of the Vulnerable Software and Affected Versions: RUCKUS Network Director versions prior to 4.5.0.56. Description: RUCKUS Network Director (RND) OVA appliances include hardcoded SSH keys for the postgres user. These keys are consistent across all deployments. An attacker with network access can u...

CVSS 9.8 | AI score 5.3 | EPSS 0.00084
Exploits: 1 | References: 5
CVE
added 2026/02/19 12:0 a.m. | 4 views

CVE-2025-67305

In RUCKUS Network Director (RND) versions prior to 4.5.0.56, the OVA appliance ships hardcoded SSH keys for the postgres user that are identical across deployments. An attacker with network access can SSH in without a password, gain superuser access to the PostgreSQL database, and create administ...

CVSS 9.8 | AI score 5.5 | EPSS 0.00084
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2026/02/19 12:0 a.m. | 16 views

CVE-2025-67305

In RUCKUS Network Director (RND) 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the...

EPSS 0.00084
Exploits: 1 | References: 2