cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-24830,https://securityvulnerability.io/vulnerability/CVE-2025-24830,Local Privilege Escalation in Acronis Cyber Protect Cloud Agent for Windows,"Acronis Cyber Protect Cloud Agent for Windows is impacted by a local privilege escalation issue stemming from DLL hijacking vulnerabilities. Attackers could potentially exploit this vulnerability to gain elevated privileges on affected systems, compromising security measures and allowing unauthorized actions.",Acronis,Acronis Cyber Protect Cloud Agent,7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-31T12:43:13.267Z,0
CVE-2024-49389,https://securityvulnerability.io/vulnerability/CVE-2024-49389,Insecure Folder Permissions Lead to Local Privilege Escalation,"The vulnerability arises from insecure folder permissions within Acronis Cyber Files for Windows, allowing a local attacker to escalate privileges. This flaw impacts versions prior to build 9.0.0x24 and could enable unauthorized access to sensitive files or functionalities, posing significant security risks. Users are advised to review security measures and update to the latest version to mitigate the potential risks associated with this vulnerability. For further details, refer to the vendor advisory.",Acronis,Acronis Cyber Files,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-17T09:49:33.785Z,0
CVE-2024-49390,https://securityvulnerability.io/vulnerability/CVE-2024-49390,DLL Hijacking Vulnerability Affects Acronis Cyber Files (Windows),"A vulnerability has been identified in Acronis Cyber Files for Windows, which allows for local privilege escalation stemming from a DLL hijacking issue. This vulnerability allows an attacker to exploit the way the application loads dynamic link libraries, leading to potential unauthorized access to system resources. Users of Acronis Cyber Files versions prior to build 9.0.0x24 are at risk and should take necessary precautions as detailed in the vendor advisory.",Acronis,Acronis Cyber Files,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-17T09:49:16.975Z,0
CVE-2024-49391,https://securityvulnerability.io/vulnerability/CVE-2024-49391,DLL Hijacking Vulnerability Affects Acronis Cyber Files (Windows),"A local privilege escalation vulnerability has been identified in Acronis Cyber Files for Windows that may be exploited through DLL hijacking. This issue affects versions prior to build 9.0.0x24, allowing unauthorized users to elevate their privileges on the affected system. Vigilant monitoring and timely updates to the software are essential to mitigate the risk associated with this vulnerability.",Acronis,Acronis Cyber Files,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-17T09:48:58.555Z,0
CVE-2024-49388,https://securityvulnerability.io/vulnerability/CVE-2024-49388,Improper Authorization Leads to Sensitive Information Manipulation in Acronis Cyber Protect 16,"A vulnerability exists in Acronis Cyber Protect 16 that allows for sensitive information manipulation as a result of improper authorization processes. This flaw impacts users of the software on both Linux and Windows platforms prior to build 38690, potentially enabling unauthorized users to access or alter sensitive data. Organizations using affected versions should prioritize updating their systems to mitigate the associated risks detailed in the vendor's advisory SEC-5984.",Acronis,Acronis Cyber Protect 16,9.1,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-10-15T10:34:24.960Z,0
CVE-2024-49387,https://securityvulnerability.io/vulnerability/CVE-2024-49387,Sensitive Information Transmitted in Clear Text in Acronis Cyber Protect 16 Before Build 38690,"Acronis Cyber Protect 16 (Linux, Windows) before build 38690 is susceptible to a vulnerability allowing the cleartext transmission of sensitive information within the acep-collector service. This flaw may expose critical data to unauthorized interception, potentially compromising the integrity and confidentiality of user information. Users of the affected versions are encouraged to apply the necessary updates to mitigate risks associated with this vulnerability.",Acronis,Acronis Cyber Protect 16,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-10-15T10:34:10.675Z,0
CVE-2024-34017,https://securityvulnerability.io/vulnerability/CVE-2024-34017,Acronis Snap Deploy Vulnerability: DLL Hijacking Threat,"A vulnerability exists in Acronis Snap Deploy for Windows, which allows local privilege escalation through DLL hijacking. This vulnerability can be exploited by an attacker who has local access to the system, enabling the execution of unauthorized code with elevated privileges. Affected users should upgrade to build 4569 or later to mitigate potential security risks. Continuous monitoring and adherence to security best practices are recommended to protect sensitive systems.",Acronis,Acronis Snap Deploy,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-29T19:14:19.067Z,0
CVE-2024-34019,https://securityvulnerability.io/vulnerability/CVE-2024-34019,Acronis Snap Deploy DLL Hijacking Vulnerability,"A recent vulnerability has been identified in Acronis Snap Deploy for Windows, allowing local privilege escalation due to improper handling of DLL files, commonly known as DLL hijacking. This security flaw could enable an attacker with local access to escalate their privileges, potentially leading to unauthorized actions within the affected system. It is crucial for users of Acronis Snap Deploy to apply any available patches or updates to mitigate this vulnerability. For more detailed information, refer to the official advisory at Acronis security advisory SEC-3079.",Acronis,Acronis Snap Deploy,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-29T19:12:46.700Z,0
CVE-2023-45249,https://securityvulnerability.io/vulnerability/CVE-2023-45249,Acronis Cyber Infrastructure Vulnerable to Remote Command Execution Due to Default Passwords,"The vulnerability CVE-2023-45249 affects Acronis Cyber Infrastructure (ACI) and allows for remote command execution due to the use of default passwords. This vulnerability has been exploited in the wild, and threat actors taking advantage of it do not require authentication or user interaction. The impacted versions of ACI are 5.0 before build 5.0.1-61, 5.1 before build 5.1.1-71, 5.2 before build 5.2.1-69, 5.3 before build 5.3.1-53, and 5.4 before build 5.4.4-132. The vendor, Acronis, has issued updates to mitigate this vulnerability and recommends that all users install the updates immediately. The company has not provided specific details on the nature of the attacks or how to mitigate the risk of exploitation. However, the potential impact could involve remote code execution, with possible implications for cryptojacking and ransomware attacks.",Acronis,Acronis Cyber Infrastructure,9.8,CRITICAL,0.8967099785804749,true,2024-07-29T00:00:00.000Z,true,false,true,2024-07-29T00:00:00.000Z,,false,false,,2024-07-24T14:03:56.481Z,0
CVE-2024-34013,https://securityvulnerability.io/vulnerability/CVE-2024-34013,Acronis True Image (macOS) Before Build 41396 Vulnerable to Local Privilege Escalation Due to OS Command Injection,"A security vulnerability has been identified in Acronis True Image for macOS due to local privilege escalation stemming from OS command injection. This vulnerability can potentially allow unauthorized users to execute commands with elevated privileges, which could lead to harmful modifications or access to sensitive data on affected systems. It is critical for users and administrators to ensure that they update to the latest build to mitigate the risks associated with this vulnerability.",Acronis,Acronis True Image,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-18T13:36:39.924Z,0
CVE-2022-45449,https://securityvulnerability.io/vulnerability/CVE-2022-45449,Acronis Cyber Protect 15 Discloses Sensitive Information Due to Excessive Privileges,"A vulnerability exists in Acronis Cyber Protect 15 due to excessive privileges assigned to the Acronis Agent, which could potentially lead to sensitive information disclosure. This issue affects both Windows and Linux versions of the software prior to build 30984. Administrators and users should ensure they are using the latest version to mitigate risks associated with unauthorized access to confidential data.",Acronis,Acronis Cyber Protect 15,7.7,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-16T14:47:21.100Z,0
CVE-2023-48684,https://securityvulnerability.io/vulnerability/CVE-2023-48684,Sensitive Information Disclosure in Acronis Cyber Protect Cloud Agent,"The vulnerability results from inadequate authorization checks within the Acronis Cyber Protect Cloud Agent, permitting unauthorized access to sensitive information. Attackers exploiting this flaw can manipulate data and potentially escalate their access privileges. The issue affects users of the software on Linux, macOS, and Windows platforms prior to build 37758, making prompt updates essential to mitigate risks.",Acronis,Acronis Cyber Protect Cloud Agent,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-29T16:15:00.000Z,0
CVE-2024-34010,https://securityvulnerability.io/vulnerability/CVE-2024-34010,Local Privilege Escalation Vulnerability in Acronis Cyber Protect Products,"A vulnerability has been identified in Acronis Cyber Protect Cloud Agent and Acronis Cyber Protect 16 that allows for local privilege escalation. This vulnerability arises due to an unquoted search path, which could be exploited to gain unauthorized elevated privileges on affected Windows systems. Versions prior to build 37758 of Acronis Cyber Protect Cloud Agent and build 38690 of Acronis Cyber Protect 16 are susceptible. Users of these products are encouraged to update their software to mitigate potential security risks.",Acronis,"Acronis Cyber Protect Cloud Agent,Acronis Cyber Protect 16",8.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-29T16:15:00.000Z,0
CVE-2023-48677,https://securityvulnerability.io/vulnerability/CVE-2023-48677,Local Privilege Escalation Vulnerability in Acronis Cyber Protect Home Office for Windows,"Acronis Cyber Protect Home Office for Windows is susceptible to a local privilege escalation vulnerability caused by DLL hijacking. This issue allows an attacker to execute arbitrary code with elevated privileges, potentially compromising system integrity. Users are advised to update to the latest build (40901 or higher) to mitigate risks associated with this vulnerability.",Acronis,"Acronis Cyber Protect Home Office,Acronis Cyber Protect Cloud Agent",7.8,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2023-12-12T09:15:00.000Z,0
CVE-2023-45248,https://securityvulnerability.io/vulnerability/CVE-2023-45248,Local Privilege Escalation in Acronis Cyber Protect Products,"A local privilege escalation vulnerability exists in Acronis Cyber Protect products due to improper handling of dynamic-link library (DLL) files, allowing an attacker to leverage this flaw for unauthorized access and execution of arbitrary code. This issue impacts versions prior to build 36497 of Acronis Cyber Protect Cloud Agent and versions before build 37391 of Acronis Cyber Protect 16, presenting potential risks for users and organizations relying on these solutions.",Acronis,"Acronis Cyber Protect Cloud Agent,Acronis Cyber Protect 16",7.3,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-10-09T12:15:00.000Z,0
CVE-2023-45247,https://securityvulnerability.io/vulnerability/CVE-2023-45247,Sensitive Information Disclosure in Acronis Cyber Protect Products,"A vulnerability exists in Acronis Cyber Protect products that allows unauthorized access to sensitive information due to missing authorization checks. This exposure may lead to data manipulation, putting users at risk. The affected versions include Acronis Cyber Protect Cloud Agent prior to build 36497 and Acronis Cyber Protect 16 prior to build 39169. Users are urged to update their software to mitigate potential risks.",Acronis,"Acronis Cyber Protect Cloud Agent,Acronis Cyber Protect 16",7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-09T12:15:00.000Z,0
CVE-2023-45246,https://securityvulnerability.io/vulnerability/CVE-2023-45246,Sensitive Information Disclosure and Manipulation in Acronis Cyber Protect Products,"A vulnerability has been identified in Acronis Cyber Protect products that allows for sensitive information disclosure and manipulation due to missing authorization mechanisms. Users of Acronis Cyber Protect Cloud Agent and Acronis Cyber Protect 16 on Linux, macOS, and Windows platforms, especially those running builds prior to 36343 and 39169 respectively, are advised to review the detailed advisory and implement the necessary updates to safeguard their systems.",Acronis,"Acronis Cyber Protect Cloud Agent,Acronis Cyber Protect 16",7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-06T11:15:00.000Z,0
CVE-2023-45244,https://securityvulnerability.io/vulnerability/CVE-2023-45244,Sensitive Information Disclosure Vulnerability in Acronis Cyber Protect Products,"A vulnerability exists within Acronis Cyber Protect products, allowing unauthorized access to sensitive information due to inadequate authorization checks. Specifically, this affects Acronis Cyber Protect Cloud Agent and Acronis Cyber Protect 16 across multiple operating systems prior to specific builds. Attackers could exploit this flaw to manipulate or access sensitive data without sufficient permissions, leading to potential data breaches.",Acronis,"Acronis Cyber Protect Cloud Agent,Acronis Cyber Protect 16",7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-06T10:15:00.000Z,0
CVE-2023-44212,https://securityvulnerability.io/vulnerability/CVE-2023-44212,Sensitive Information Disclosure in Acronis Agent by Acronis,"Acronis Agent versions prior to build 31477 are susceptible to a vulnerability that allows unauthorized users to access and manipulate sensitive information due to inadequate authorization measures. This flaw could lead to significant privacy breaches, as unauthorized users might exploit this weakness to obtain confidential data, making it essential for users to update to the latest version of the product. For detailed information and mitigation steps, refer to the Acronis advisory at SEC-5528.",Acronis,Acronis Agent,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-05T22:15:00.000Z,0
CVE-2023-44211,https://securityvulnerability.io/vulnerability/CVE-2023-44211,Sensitive Information Disclosure in Acronis Cyber Protect Products,"A missing authorization vulnerability affects Acronis Cyber Protect products, allowing unauthorized access to sensitive information. This issue impacts multiple builds across the Cyber Protect Cloud Agent and Cyber Protect 16, potentially exposing users' data to risk. Acronis has provided an advisory detailing the affected versions and recommended actions to mitigate this vulnerability.",Acronis,"Acronis Cyber Protect Cloud Agent,Acronis Cyber Protect 16",7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-05T22:15:00.000Z,0
CVE-2023-44210,https://securityvulnerability.io/vulnerability/CVE-2023-44210,Sensitive Information Disclosure in Acronis Agent by Acronis,"Acronis Agent products on Linux, macOS, and Windows contain a vulnerability that allows unauthorized access to sensitive information. This flaw results from a missing authorization mechanism, which could be exploited by attackers to manipulate or disclose confidential data. Users of affected versions should update to build 29258 or later to mitigate this risk.",Acronis,Acronis Agent,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-04T20:15:00.000Z,0
CVE-2023-44208,https://securityvulnerability.io/vulnerability/CVE-2023-44208,Sensitive Information Disclosure in Acronis Cyber Protect Home Office,"This vulnerability arises from a missing authorization mechanism, allowing unauthorized access to sensitive information within the Acronis Cyber Protect Home Office application. This can lead to potential data manipulation, putting user data at risk. Affected users should promptly update to the latest version to mitigate these risks.",Acronis,Acronis Cyber Protect Home Office,9.1,CRITICAL,0.0011500000255182385,false,,false,false,false,,,false,false,,2023-10-04T12:15:00.000Z,0
CVE-2023-44206,https://securityvulnerability.io/vulnerability/CVE-2023-44206,Sensitive Information Disclosure in Acronis Cyber Protect by Acronis,A vulnerability has been identified in Acronis Cyber Protect 15 that allows for sensitive information disclosure and manipulation due to improper authorization mechanisms. This issue affects both Linux and Windows versions prior to build 35979. Organizations utilizing these affected builds should apply necessary patches to mitigate risks associated with unauthorized access to sensitive data.,Acronis,Acronis Cyber Protect 15,7.1,HIGH,0.0013699999544769526,false,,false,false,false,,,false,false,,2023-09-27T15:19:00.000Z,0
CVE-2022-46869,https://securityvulnerability.io/vulnerability/CVE-2022-46869,Local Privilege Escalation in Acronis Cyber Protect Home Office for Windows,"A vulnerability exists in Acronis Cyber Protect Home Office for Windows that allows local privilege escalation due to improper handling of soft links. Attackers could exploit this flaw during the installation process, potentially gaining elevated privileges on the affected system. Organizations using versions prior to build 40278 are advised to update their software to mitigate such risks. Ensure regular updates and patches are applied to protect against this and other vulnerabilities.",Acronis,Acronis Cyber Protect Home Office,7.3,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-08-31T19:16:47.094Z,0
CVE-2023-41746,https://securityvulnerability.io/vulnerability/CVE-2023-41746,Remote Command Execution Vulnerability in Acronis Cloud Manager for Windows,"A vulnerability has been identified in Acronis Cloud Manager for Windows, attributed to improper input validation, which could allow remote command execution by an attacker. Users are advised to update to build 6.2.23089.203 or later to mitigate risks. For comprehensive information, refer to the vendor advisory.",Acronis,Acronis Cloud Manager,8,HIGH,0.002139999996870756,false,,false,false,false,,,false,false,,2023-08-31T18:15:00.000Z,0