Skip to main content
CVE-2024-40711 CRITICAL POC KEV THREAT Act Now

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Veeam Backup Replication
NVD
CVSS 3.1
9.8
EPSS
88.2%
CVE-2024-39714 CRITICAL Act Now

A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.0
9.9
EPSS
1.2%
CVE-2024-38650 CRITICAL Act Now

An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure
NVD
CVSS 3.0
9.9
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy