CVE-2024-36486 – Parallels Desktop for Mac Privilege Escalation Vulnerability

June 3, 2025

CVE ID : CVE-2024-36486

Published : June 3, 2025, 10:15 a.m. | 1 hour, 13 minutes ago

Description : A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this process by using a hard link to write to an arbitrary file, potentially resulting in privilege escalation.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-52561 – Parallels Desktop for Mac Privilege Escalation Vulnerability

Next Article CVE-2025-5116 – WordPress WP Plugin Info Card Stored Cross-Site Scripting

Highlights

CVE-2025-35009 – Microhard BulletLTE-NA2 and IPn4Gii-NA2 Post-Auth Command Injection Vulnerability

June 8, 2025

CVE ID : CVE-2025-35009

Published : June 8, 2025, 9:15 p.m. | 38 minutes ago

Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNNETSP command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

Handling JavaScript Event Listeners With Parameters

ChatGPT now has an agent mode

Scrum Alliance and Kanban University partner to offer new course that teaches both methodologies

Is ChatGPT down? You’re not alone. Here’s what OpenAI is saying

I found a tablet that could replace my iPad and Kindle – and it’s worth every penny

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

Execute Ping Commands and Get Back Structured Data in PHP

Execute Ping Commands and Get Back Structured Data in PHP

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

I Made Kitty Terminal Even More Awesome by Using These 15 Customization Tips and Tweaks

I Made Kitty Terminal Even More Awesome by Using These 15 Customization Tips and Tweaks

Microsoft confirms active cyberattacks on SharePoint servers

How to Manually Check & Install Windows 11 Updates (Best Guide)

CVE-2024-36486 – Parallels Desktop for Mac Privilege Escalation Vulnerability

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics

Evaluating generative AI models with Amazon Nova LLM-as-a-Judge on Amazon SageMaker AI

Critter – chess UCI engine

CVE-2025-28028 – TOTOLINK Buffer Overflow Vulnerability

LLMs No Longer Require Powerful Servers: Researchers from MIT, KAUST, ISTA, and Yandex Introduce a New AI Approach to Rapidly Compress Large Language Models without a Significant Loss of Quality

CVE-2025-35009 – Microhard BulletLTE-NA2 and IPn4Gii-NA2 Post-Auth Command Injection Vulnerability

AI Workbenches Powering the Next Era of Underwriting | Don’t Catch Up. Leap Ahead

Love Metaphor: ReFantazio? HYTE has a new PC case and accessories for you.

5 Pocket replacements that might even be better than the original

CVE-2024-36486 – Parallels Desktop for Mac Privilege Escalation Vulnerability

Related Posts