Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2024-55539 | Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux) before build 39185, Acronis Cyber Protect 16 (Linux) before build 39938. | 2.5 | 0.11% | 2024-12-23 | 2026-06-17 |
| CVE-2024-34015 | Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892. | 3.3 | 0.20% | 2024-11-11 | 2026-06-17 |
| CVE-2024-55538 | Sensitive information disclosure due to missing authentication. The following products are affected: Acronis True Image (macOS) before build 41725, Acronis True Image (Windows) before build 41736, Acronis True Image OEM (macOS) before build 42571, Acronis True Image OEM (Windows) before build 42575. | 4.0 | 0.17% | 2025-01-02 | 2026-06-17 |
| CVE-2026-28726 | Sensitive information disclosure due to improper access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | 4.3 | 0.18% | 2026-03-05 | 2026-06-17 |
| CVE-2026-28724 | Unauthorized data access due to insufficient access control validation. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | 4.3 | 0.18% | 2026-03-05 | 2026-06-17 |
| CVE-2026-28723 | Unauthorized report deletion due to insufficient access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | 4.3 | 0.17% | 2026-03-05 | 2026-06-17 |
| CVE-2026-28720 | Unauthorized modification of settings due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | 4.3 | 0.17% | 2026-03-05 | 2026-06-17 |
| CVE-2026-28719 | Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | 4.3 | 0.17% | 2026-03-05 | 2026-06-17 |
| CVE-2026-28709 | Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | 4.3 | 0.15% | 2026-03-05 | 2026-06-17 |
| CVE-2025-48962 | Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39938. | 4.3 | 0.19% | 2025-06-04 | 2026-06-17 |
| CVE-2024-49384 | Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | 4.3 | 0.16% | 2024-10-15 | 2026-06-17 |
| CVE-2024-49383 | Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | 4.3 | 0.16% | 2024-10-15 | 2026-06-17 |
| CVE-2024-49382 | Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | 4.3 | 0.16% | 2024-10-15 | 2026-06-17 |
| CVE-2026-28716 | Information disclosure and manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | 4.4 | 0.09% | 2026-03-05 | 2026-06-17 |
| CVE-2025-30413 | Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186. | 4.4 | 0.15% | 2026-03-05 | 2026-06-17 |
| CVE-2025-11790 | Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124. | 4.4 | 0.11% | 2026-03-05 | 2026-06-17 |
| CVE-2024-55542 | Local privilege escalation due to excessive permissions assigned to Tray Monitor service. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895. | 4.4 | 0.16% | 2025-01-02 | 2026-06-17 |
| CVE-2024-34012 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.24135.272. | 4.4 | 0.08% | 2024-06-14 | 2026-06-17 |
| CVE-2024-8903 | Local active protection service settings manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows, macOS) before build 38565. | 4.7 | 0.13% | 2024-09-23 | 2026-06-17 |
| CVE-2026-28714 | Unnecessary transmission of sensitive cryptographic material. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | 4.8 | 0.17% | 2026-03-05 | 2026-06-17 |