Product

veeam one

21 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-6839
< 1.30.0
Improper validation of STRING tensor offsets could allow malformed string metadata to trigger out of bounds access during constan
6.6 MEDIUM
CVE-2026-41667
< 1.30.0
Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large
6.6 MEDIUM
CVE-2026-41666
< 1.30.0
Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bounds access during loop state p
6.6 MEDIUM
CVE-2026-41665
< 1.30.0
Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE could cause incorrect memory initializatio
6.1 MEDIUM
CVE-2026-41664
< 1.30.0
Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid memory operations with large ten
6.6 MEDIUM
CVE-2026-40450
< 1.30.0
Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incorrect copy length and memory co
6.6 MEDIUM
CVE-2026-40449
< 1.30.0
Integer overflow in buffer size calculation could result in out of bounds memory access when handling large tensors in Samsung Ope
6.6 MEDIUM
CVE-2026-40448
< 1.30.0
Potential integer overflow in tensor allocation size calculation could lead to insufficient memory allocation for large tensors in
5.3 MEDIUM
CVE-2025-45614
all versions
Incorrect access control in the component /api/user/manager of One v1.0 allows attackers to access sensitive information via a cra
7.5 HIGH
CVE-2024-42024
>= 12.0.0.2498 and < 12.2.0.4093
A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code ex
8.8 HIGH
CVE-2024-42023
>= 12.0.0.2498 and < 12.2.0.4093
An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely.
8.8 HIGH
CVE-2024-42022
>= 12.0.0.2498 and < 12.2.0.4093
An incorrect permission assignment vulnerability allows an attacker to modify product configuration files.
5.3 MEDIUM
CVE-2024-42021
>= 12.0.0.2498 and < 12.2.0.4093
An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials.
6.5 MEDIUM
CVE-2024-42020
>= 12 and <= 12.1.0.3208
A cross-site scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.
5.4 MEDIUM
CVE-2024-42019
< 12.2.0.4093
A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service account. This attack require
8.0 HIGH
CVE-2023-41723
all versions
A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The critic
4.3 MEDIUM
CVE-2023-38549
all versions
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTL
5.4 MEDIUM
CVE-2023-38548
all versions
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTL
4.3 MEDIUM
CVE-2023-38547
all versions
A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to
9.8 CRITICAL
CVE-2020-10915
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Auth
9.8 CRITICAL
CVE-2020-10914
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Auth
9.8 CRITICAL
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin