cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-24828,https://securityvulnerability.io/vulnerability/CVE-2025-24828,Local Privilege Escalation Vulnerability in Acronis Cyber Protect Cloud Agent for Windows,"A local privilege escalation vulnerability exists in Acronis Cyber Protect Cloud Agent for Windows due to improper handling of dynamic link libraries (DLLs). An attacker with local access could exploit this flaw to execute arbitrary code with elevated privileges, potentially compromising the system. It is essential for users of affected versions to update to build 39378 or later to safeguard against this security risk.",Acronis,Acronis Cyber Protect Cloud Agent,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-31T12:43:58.295Z,0
CVE-2025-24827,https://securityvulnerability.io/vulnerability/CVE-2025-24827,Local Privilege Escalation Vulnerability in Acronis Cyber Protect Cloud Agent for Windows,"Acronis Cyber Protect Cloud Agent for Windows is susceptible to a local privilege escalation vulnerability caused by DLL hijacking. This flaw allows attackers to execute arbitrary code with elevated privileges on affected systems, potentially compromising sensitive data and system integrity. Users are advised to upgrade to build 39378 or later to mitigate this risk.",Acronis,Acronis Cyber Protect Cloud Agent,6.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-31T12:43:44.323Z,0
CVE-2025-24829,https://securityvulnerability.io/vulnerability/CVE-2025-24829,Local Privilege Escalation in Acronis Cyber Protect Cloud Agent for Windows,"A local privilege escalation vulnerability exists in the Acronis Cyber Protect Cloud Agent for Windows due to DLL hijacking. When exploited, this vulnerability allows an attacker with local access to gain elevated privileges, potentially compromising the system's security and integrity. Users are advised to update to build 39378 or later to mitigate this risk. For further details, refer to the vendor advisory linked here: SEC-7839.",Acronis,Acronis Cyber Protect Cloud Agent,6.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-31T12:43:28.583Z,0
CVE-2025-24830,https://securityvulnerability.io/vulnerability/CVE-2025-24830,Local Privilege Escalation in Acronis Cyber Protect Cloud Agent for Windows,"Acronis Cyber Protect Cloud Agent for Windows is impacted by a local privilege escalation issue stemming from DLL hijacking vulnerabilities. Attackers could potentially exploit this vulnerability to gain elevated privileges on affected systems, compromising security measures and allowing unauthorized actions.",Acronis,Acronis Cyber Protect Cloud Agent,7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-31T12:43:13.267Z,0
CVE-2025-24831,https://securityvulnerability.io/vulnerability/CVE-2025-24831,Local Privilege Escalation in Acronis Cyber Protect Cloud Agent for Windows,A local privilege escalation vulnerability exists in the Acronis Cyber Protect Cloud Agent for Windows due to an unquoted search path issue. This flaw allows an attacker with local access to manipulate the environment in such a way that they may execute malicious commands with elevated privileges. Users are advised to update to build 39378 or later to mitigate the risk associated with this vulnerability.,Acronis,Acronis Cyber Protect Cloud Agent,6.6,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-31T12:42:57.048Z,0
CVE-2025-24826,https://securityvulnerability.io/vulnerability/CVE-2025-24826,Local Privilege Escalation in Acronis Snap Deploy for Windows,"A vulnerability exists in Acronis Snap Deploy for Windows due to improper folder permissions, which could allow a local attacker to escalate privileges. This vulnerability impacts versions prior to build 4625. Users are encouraged to apply the recommended updates to safeguard their systems against potential exploitation.",Acronis,Acronis Snap Deploy,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T20:46:19.688Z,0
CVE-2024-55541,https://securityvulnerability.io/vulnerability/CVE-2024-55541,Stored Cross-Site Scripting Vulnerability in Acronis Cyber Protect 16,"A stored cross-site scripting (XSS) vulnerability exists in Acronis Cyber Protect 16 due to insufficient origin validation in the postMessage function. This flaw allows attackers to inject malicious scripts that could be executed in the context of the affected application. Users operating versions prior to build 39169 are particularly at risk. Mitigation efforts are recommended to address this vulnerability and safeguard sensitive user data. For further information, consult the vendor's advisory.",Acronis,Acronis Cyber Protect 16,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-02T15:26:55.281Z,0
CVE-2024-55542,https://securityvulnerability.io/vulnerability/CVE-2024-55542,Local Privilege Escalation Vulnerability in Acronis Cyber Protect Products,"A local privilege escalation vulnerability exists in the Tray Monitor service of Acronis Cyber Protect products, where excessive permissions can lead to unauthorized access and escalation of user privileges. This affects Acronis Cyber Protect 16 and Acronis Cyber Protect Cloud Agent across multiple platforms, including Linux, macOS, and Windows, prior to specified build versions. Users and organizations utilizing these products should take immediate action to update their installations to mitigate potential security risks.",Acronis,"Acronis Cyber Protect 16,Acronis Cyber Protect Cloud Agent",,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-02T15:26:40.928Z,0
CVE-2024-56414,https://securityvulnerability.io/vulnerability/CVE-2024-56414,Weak Hash Algorithm Vulnerability in Acronis Cyber Protect by Acronis,"A vulnerability exists in Acronis Cyber Protect 16 for Windows due to the use of a weak hash algorithm in the web installer integrity check. This flaw can potentially allow an attacker to manipulate the integrity of the installation process, leading to unauthorized access or execution of malicious code. The affected version includes all builds prior to 39169, necessitating prompt updates to mitigate associated security risks.",Acronis,Acronis Cyber Protect 16,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-02T15:26:10.784Z,0
CVE-2024-56413,https://securityvulnerability.io/vulnerability/CVE-2024-56413,Session Invalidation Flaw in Acronis Cyber Protect 16 by Acronis,"Acronis Cyber Protect 16 contains a vulnerability due to missing session invalidation after user deletion. This flaw potentially allows unauthorized access, which could be exploited by malicious actors to continue to use a session associated with a deleted user account, thereby compromising sensitive information and system integrity. Users of Acronis Cyber Protect 16 (Windows) prior to build 39169 should review their security measures and consider applying the latest updates to mitigate potential risks.",Acronis,Acronis Cyber Protect 16,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-02T15:26:00.507Z,0
CVE-2024-55540,https://securityvulnerability.io/vulnerability/CVE-2024-55540,Local Privilege Escalation in Acronis Cyber Protect 16 by Acronis,"A vulnerability exists in Acronis Cyber Protect 16, specifically affecting Windows systems prior to build 39169, allowing for local privilege escalation through DLL hijacking. Attackers could leverage this vulnerability to execute code with elevated privileges, posing significant risks to user security and the integrity of the affected systems. It is crucial for users of Acronis Cyber Protect 16 to apply the necessary updates and patches to mitigate the potential impact of this vulnerability as highlighted in the vendor advisory.",Acronis,Acronis Cyber Protect 16,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-02T15:25:48.887Z,0
CVE-2024-55543,https://securityvulnerability.io/vulnerability/CVE-2024-55543,Local Privilege Escalation in Acronis Cyber Protect 16 by Acronis,"Acronis Cyber Protect 16 contains a local privilege escalation vulnerability attributed to DLL hijacking. This vulnerability can allow unauthorized users to gain elevated privileges on affected systems. Specifically, users with local access can exploit this weakness to execute malicious code, potentially compromising the integrity and confidentiality of the system. It is crucial for users to update to build 39169 or later to mitigate the associated risks. For further details, refer to vendor advisory SEC-6418.",Acronis,Acronis Cyber Protect 16,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-02T15:24:26.589Z,0
CVE-2024-49385,https://securityvulnerability.io/vulnerability/CVE-2024-49385,Sensitive Information Disclosure in Acronis True Image by Acronis,"A vulnerability exists in Acronis True Image (Windows) that allows for sensitive information disclosure due to improper folder permissions. This security flaw can potentially expose confidential data stored within the application, affecting users who have not upgraded to build 41736 or later. The oversight in permissions can lead to unauthorized access, raising significant privacy and security concerns for both individual and enterprise users. It is crucial for users to address this vulnerability by ensuring their software version is updated to the latest build to mitigate potential risks associated with this issue.",Acronis,Acronis True Image,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-02T14:14:35.360Z,0
CVE-2024-55538,https://securityvulnerability.io/vulnerability/CVE-2024-55538,Sensitive Information Disclosure in Acronis True Image by Acronis,"A vulnerability has been identified in Acronis True Image where sensitive information can be disclosed due to insufficient authentication measures. This affects users of both the macOS and Windows versions of the software, specifically those using versions prior to build 41725 for macOS and build 41736 for Windows. Without adequate protective measures, unauthorized users may gain access to sensitive data, posing a risk to user privacy and data integrity. It is crucial for users to update their applications to the latest builds to mitigate this vulnerability.",Acronis,Acronis True Image,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-02T14:14:20.929Z,0
CVE-2024-55539,https://securityvulnerability.io/vulnerability/CVE-2024-55539,Weak Algorithm in RPM Package Signing for Acronis Products,"Acronis Cyber Protect Cloud Agent for Linux is impacted by a vulnerability due to the utilization of a weak algorithm for signing RPM packages. This flaw compromises the integrity of package verification processes, leaving systems at risk for potential exploitation. Users of Acronis Cyber Protect Cloud Agent (Linux) prior to build 39185 should immediately review their systems for exposure to this vulnerability and apply relevant mitigations or updates as necessary to enhance their security posture.",Acronis,Acronis Cyber Protect Cloud Agent,2.5,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-23T14:05:20.298Z,0
CVE-2024-34014,https://securityvulnerability.io/vulnerability/CVE-2024-34014,"Arbitrary File Overwrite Vulnerability in Acronis Backup Plugins for cPanel, Plesk, and DirectAdmin","An arbitrary file overwrite vulnerability exists in the Acronis Backup plugins for cPanel, Plesk, and DirectAdmin due to improper handling of symbolic links. This vulnerability may allow unauthorized users to overwrite files on the server, leading to potential data loss or corruption. Affected products include the Acronis Backup plugin for cPanel & WHM (Linux) prior to build 818, the Acronis Backup extension for Plesk (Linux) prior to build 599, and the Acronis Backup plugin for DirectAdmin (Linux) prior to build 181. Users are urged to apply the latest updates to mitigate risks.",Acronis,Acronis Backup,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-11T14:15:00.000Z,0
CVE-2024-34015,https://securityvulnerability.io/vulnerability/CVE-2024-34015,Sensitive Information Disclosure in Acronis Backup Plugin for cPanel & WHM,"The Acronis Backup plugin for cPanel & WHM has a vulnerability that allows for sensitive information disclosure during file browsing. This occurs due to improper handling of symbolic links, which can expose critical user and system data, creating significant data security risks. Affected users are urged to update to build 818 or later to mitigate this exposure.",Acronis,Acronis Backup plugin for cPanel & WHM,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-11T14:15:00.000Z,0
CVE-2024-49386,https://securityvulnerability.io/vulnerability/CVE-2024-49386,Acronis Cyber Files (Windows) Sensitive Information Disclosure Due to Spell-Jacking,Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.,Acronis,Acronis Cyber Files,5.7,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-10-17T09:49:45.442Z,0
CVE-2024-49389,https://securityvulnerability.io/vulnerability/CVE-2024-49389,Insecure Folder Permissions Lead to Local Privilege Escalation,"The vulnerability arises from insecure folder permissions within Acronis Cyber Files for Windows, allowing a local attacker to escalate privileges. This flaw impacts versions prior to build 9.0.0x24 and could enable unauthorized access to sensitive files or functionalities, posing significant security risks. Users are advised to review security measures and update to the latest version to mitigate the potential risks associated with this vulnerability. For further details, refer to the vendor advisory.",Acronis,Acronis Cyber Files,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-17T09:49:33.785Z,0
CVE-2024-49390,https://securityvulnerability.io/vulnerability/CVE-2024-49390,DLL Hijacking Vulnerability Affects Acronis Cyber Files (Windows),"A vulnerability has been identified in Acronis Cyber Files for Windows, which allows for local privilege escalation stemming from a DLL hijacking issue. This vulnerability allows an attacker to exploit the way the application loads dynamic link libraries, leading to potential unauthorized access to system resources. Users of Acronis Cyber Files versions prior to build 9.0.0x24 are at risk and should take necessary precautions as detailed in the vendor advisory.",Acronis,Acronis Cyber Files,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-17T09:49:16.975Z,0
CVE-2024-49391,https://securityvulnerability.io/vulnerability/CVE-2024-49391,DLL Hijacking Vulnerability Affects Acronis Cyber Files (Windows),"A local privilege escalation vulnerability has been identified in Acronis Cyber Files for Windows that may be exploited through DLL hijacking. This issue affects versions prior to build 9.0.0x24, allowing unauthorized users to elevate their privileges on the affected system. Vigilant monitoring and timely updates to the software are essential to mitigate the risk associated with this vulnerability.",Acronis,Acronis Cyber Files,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-17T09:48:58.555Z,0
CVE-2024-49392,https://securityvulnerability.io/vulnerability/CVE-2024-49392,Stored XSS Vulnerability Affects Acronis Cyber Files (Windows),Stored cross-site scripting (XSS) vulnerability on enrollment invitation page. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.,Acronis,Acronis Cyber Files,4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-17T09:48:39.748Z,0
CVE-2024-49388,https://securityvulnerability.io/vulnerability/CVE-2024-49388,Improper Authorization Leads to Sensitive Information Manipulation in Acronis Cyber Protect 16,"A vulnerability exists in Acronis Cyber Protect 16 that allows for sensitive information manipulation as a result of improper authorization processes. This flaw impacts users of the software on both Linux and Windows platforms prior to build 38690, potentially enabling unauthorized users to access or alter sensitive data. Organizations using affected versions should prioritize updating their systems to mitigate the associated risks detailed in the vendor's advisory SEC-5984.",Acronis,Acronis Cyber Protect 16,9.1,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-10-15T10:34:24.960Z,0
CVE-2024-49387,https://securityvulnerability.io/vulnerability/CVE-2024-49387,Sensitive Information Transmitted in Clear Text in Acronis Cyber Protect 16 Before Build 38690,"Acronis Cyber Protect 16 (Linux, Windows) before build 38690 is susceptible to a vulnerability allowing the cleartext transmission of sensitive information within the acep-collector service. This flaw may expose critical data to unauthorized interception, potentially compromising the integrity and confidentiality of user information. Users of the affected versions are encouraged to apply the necessary updates to mitigate risks associated with this vulnerability.",Acronis,Acronis Cyber Protect 16,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-10-15T10:34:10.675Z,0
CVE-2024-49384,https://securityvulnerability.io/vulnerability/CVE-2024-49384,Excessive attack surface in Acronis Cyber Protect 16 due to binding to unrestricted IP address,"Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.",Acronis,Acronis Cyber Protect 16,4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-15T10:33:52.655Z,0