VYPR

Vendor CVEs

Acronis

All CVEs

218 total · sorted by risk
  • CVE-2025-48962MedJun 4, 2025
    risk 0.28cvss 4.3epss 0.00

    Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39938.

  • CVE-2024-55538MedJan 2, 2025
    risk 0.26cvss 4.0epss 0.00

    Sensitive information disclosure due to missing authentication. The following products are affected: Acronis True Image (macOS) before build 41725, Acronis True Image (Windows) before build 41736, Acronis True Image OEM (macOS) before build 42571, Acronis True Image OEM…

  • CVE-2023-45249KEVJul 24, 2024
    risk 0.22cvss epss 0.54

    Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis…

  • CVE-2024-34015LowNov 11, 2024
    risk 0.21cvss 3.3epss 0.00

    Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892.

  • CVE-2024-55539LowDec 23, 2024
    risk 0.16cvss 2.5epss 0.00

    Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux) before build 39185, Acronis Cyber Protect 16 (Linux) before build 39938.

  • CVE-2022-30995May 3, 2023
    risk 0.08cvss epss 0.03

    Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.

  • CVE-2022-3405May 3, 2023
    risk 0.06cvss epss 0.05

    Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.

  • CVE-2020-25736Jul 15, 2021
    risk 0.05cvss epss 0.02

    Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration.

  • CVE-2020-16171Sep 21, 2020
    risk 0.04cvss epss 0.06

    An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be…

  • CVE-2008-1411Mar 20, 2008
    risk 0.04cvss epss 0.08

    The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference.

  • CVE-2008-1410Mar 20, 2008
    risk 0.03cvss epss 0.06

    Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service.

  • CVE-2026-28726Mar 5, 2026
    risk 0.00cvss epss 0.00

    Sensitive information disclosure due to improper access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

  • CVE-2026-28725Mar 5, 2026
    risk 0.00cvss epss 0.00

    Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

  • CVE-2025-30413Mar 5, 2026
    risk 0.00cvss epss 0.00

    Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.

  • CVE-2026-28724Mar 5, 2026
    risk 0.00cvss epss 0.00

    Unauthorized data access due to insufficient access control validation. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

  • CVE-2026-28723Mar 5, 2026
    risk 0.00cvss epss 0.00

    Unauthorized report deletion due to insufficient access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

  • CVE-2026-28722Mar 5, 2026
    risk 0.00cvss epss 0.00

    Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.

  • CVE-2026-28721Mar 5, 2026
    risk 0.00cvss epss 0.00

    Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.

  • CVE-2026-28720Mar 5, 2026
    risk 0.00cvss epss 0.00

    Unauthorized modification of settings due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

  • CVE-2026-28719Mar 5, 2026
    risk 0.00cvss epss 0.00

    Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

  • CVE-2026-28718Mar 5, 2026
    risk 0.00cvss epss 0.00

    Denial of service due to insufficient input validation in authentication logging. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

  • CVE-2026-28717Mar 5, 2026
    risk 0.00cvss epss 0.00

    Local privilege escalation due to improper directory permissions. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.

  • CVE-2026-28716Mar 5, 2026
    risk 0.00cvss epss 0.00

    Information disclosure and manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

  • CVE-2026-28715Mar 5, 2026
    risk 0.00cvss epss 0.00

    Sensitive information disclosure due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

  • CVE-2026-28714Mar 5, 2026
    risk 0.00cvss epss 0.00

    Unnecessary transmission of sensitive cryptographic material. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

  • CVE-2026-28713Mar 5, 2026
    risk 0.00cvss epss 0.00

    Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyber Protect Cloud Agent (VMware) before build 36943, Acronis Cyber Protect 17 (VMware) before build 41186.

  • CVE-2026-28712Mar 5, 2026
    risk 0.00cvss epss 0.00

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.

  • CVE-2026-28711Mar 5, 2026
    risk 0.00cvss epss 0.00

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.

  • CVE-2026-28710Mar 5, 2026
    risk 0.00cvss epss 0.00

    Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

  • CVE-2026-28709Mar 5, 2026
    risk 0.00cvss epss 0.00

    Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

  • CVE-2025-11790Mar 5, 2026
    risk 0.00cvss epss 0.00

    Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.

  • CVE-2025-11791Mar 5, 2026
    risk 0.00cvss epss 0.00

    Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.

  • CVE-2025-11792Mar 5, 2026
    risk 0.00cvss epss 0.00

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 41124.

  • CVE-2025-30416Feb 20, 2026
    risk 0.00cvss epss 0.00

    Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.

  • CVE-2025-30412Feb 20, 2026
    risk 0.00cvss epss 0.01

    Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.

  • CVE-2025-30411Feb 20, 2026
    risk 0.00cvss epss 0.01

    Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.

  • CVE-2024-55541Jan 2, 2025
    risk 0.00cvss epss 0.00

    Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39169.

  • CVE-2024-55540Jan 2, 2025
    risk 0.00cvss epss 0.00

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.

  • CVE-2024-55543Jan 2, 2025
    risk 0.00cvss epss 0.00

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.

  • CVE-2024-49386Oct 17, 2024
    risk 0.00cvss epss 0.00

    Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.

  • CVE-2024-49389Oct 17, 2024
    risk 0.00cvss epss 0.00

    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.

  • CVE-2024-49390Oct 17, 2024
    risk 0.00cvss epss 0.00

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.

  • CVE-2024-49391Oct 17, 2024
    risk 0.00cvss epss 0.00

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.

  • CVE-2024-49392Oct 17, 2024
    risk 0.00cvss epss 0.00

    Stored cross-site scripting (XSS) vulnerability on enrollment invitation page. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.

  • CVE-2024-49388Oct 15, 2024
    risk 0.00cvss epss 0.00

    Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.

  • CVE-2024-49387Oct 15, 2024
    risk 0.00cvss epss 0.00

    Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.

  • CVE-2024-49384Oct 15, 2024
    risk 0.00cvss epss 0.00

    Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.

  • CVE-2024-49383Oct 15, 2024
    risk 0.00cvss epss 0.00

    Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.

  • CVE-2024-49382Oct 15, 2024
    risk 0.00cvss epss 0.00

    Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.

  • CVE-2024-34018Aug 29, 2024
    risk 0.00cvss epss 0.00

    Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.

Page 2 of 5