Skip to main content

Backup

7 CVEs product

Monthly

CVE-2025-43596 HIGH This Month

An insecure file system permissions vulnerability in MSP360 Backup 8.0 allows a low privileged user to execute commands with SYSTEM level privileges using a specially crafted file with an arbitrary. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Backup
NVD
CVSS 4.0
8.5
EPSS
0.5%
CVE-2025-43595 HIGH This Week

An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a low privileged user to execute commands with root privileges in the 'Online Backup' folder. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Backup
NVD
CVSS 4.0
8.5
EPSS
0.4%
CVE-2025-23082 HIGH This Month

Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request Forgery (SSRF). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SSRF Backup
NVD
CVSS 3.0
7.2
EPSS
0.5%
CVE-2020-8427 CRITICAL Act Now

In Unitrends Backup before 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted in an authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Authentication Bypass Backup
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-15720 HIGH POC This Week

CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Backup
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6329 CRITICAL POC THREAT Emergency

It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Privilege Escalation Backup
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
62.5%
CVE-2014-9633 HIGH POC This Week

The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Privilege Escalation Backup
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
7.2%
EPSS 1% CVSS 8.5
HIGH This Month

An insecure file system permissions vulnerability in MSP360 Backup 8.0 allows a low privileged user to execute commands with SYSTEM level privileges using a specially crafted file with an arbitrary. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Backup
NVD
EPSS 0% CVSS 8.5
HIGH This Week

An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a low privileged user to execute commands with root privileges in the 'Online Backup' folder. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Backup
NVD
EPSS 0% CVSS 7.2
HIGH This Month

Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request Forgery (SSRF). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SSRF Backup
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

In Unitrends Backup before 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted in an authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Authentication Bypass Backup
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Backup
NVD
EPSS 62% CVSS 9.8
CRITICAL POC THREAT Emergency

It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Privilege Escalation Backup
NVD Exploit-DB
EPSS 7% CVSS 7.5
HIGH POC This Week

The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Privilege Escalation Backup
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy