CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 6180 / 188
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2024-55543 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. 7.8 0.16% 2025-01-02 2026-06-17
CVE-2024-55542 Local privilege escalation due to excessive permissions assigned to Tray Monitor service. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895. 4.4 0.16% 2025-01-02 2026-06-17
CVE-2024-55541 Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39169. 6.1 0.28% 2025-01-02 2026-06-17
CVE-2024-55540 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. 7.8 0.16% 2025-01-02 2026-06-17
CVE-2024-55538 Sensitive information disclosure due to missing authentication. The following products are affected: Acronis True Image (macOS) before build 41725, Acronis True Image (Windows) before build 41736, Acronis True Image OEM (macOS) before build 42571, Acronis True Image OEM (Windows) before build 42575. 4.0 0.17% 2025-01-02 2026-06-17
CVE-2024-49385 Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 41736, Acronis True Image OEM (Windows) before build 42575. 5.5 0.09% 2025-01-02 2026-06-17
CVE-2024-55539 Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux) before build 39185, Acronis Cyber Protect 16 (Linux) before build 39938. 2.5 0.11% 2024-12-23 2026-06-17
CVE-2024-34015 Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892. 3.3 0.20% 2024-11-11 2026-06-17
CVE-2024-34014 Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linux) before build 1.8.6.599, Acronis Backup plugin for DirectAdmin (Linux) before build 1.2.2.181. 5.5 0.20% 2024-11-11 2026-06-17
CVE-2024-49392 Stored cross-site scripting (XSS) vulnerability on enrollment invitation page. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24. 4.8 0.21% 2024-10-17 2026-06-17
CVE-2024-49391 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24. 7.3 0.07% 2024-10-17 2026-06-17
CVE-2024-49390 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24. 7.3 0.17% 2024-10-17 2026-06-17
CVE-2024-49389 Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24. 7.8 0.05% 2024-10-17 2026-06-17
CVE-2024-49386 Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24. 5.7 0.16% 2024-10-17 2026-06-17
CVE-2024-49388 Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. 9.1 0.27% 2024-10-15 2026-06-17
CVE-2024-49387 Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. 7.5 0.16% 2024-10-15 2026-06-17
CVE-2024-49384 Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. 4.3 0.16% 2024-10-15 2026-06-17
CVE-2024-49383 Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. 4.3 0.16% 2024-10-15 2026-06-17
CVE-2024-49382 Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. 4.3 0.16% 2024-10-15 2026-06-17
CVE-2024-8903 Local active protection service settings manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows, macOS) before build 38565. 4.7 0.13% 2024-09-23 2026-06-17
cvelogic Threat Intelligence