Common Vulnerabilities and Exposures (CVEs)

CVE ID : CVE-2024-36486

Published : June 3, 2025, 10:15 a.m. | 1 hour, 13 minutes ago

Description : A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this process by using a hard link to write to an arbitrary file, potentially resulting in privilege escalation.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-52561

Published : June 3, 2025, 10:15 a.m. | 1 hour, 13 minutes ago

Description : A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change the ownership of files owned by root to a lower-privilege user, potentially leading to privilege escalation.

Severity: 7.8 | HIGH

CVE ID : CVE-2025-31359

Published : June 3, 2025, 10:15 a.m. | 1 hour, 13 minutes ago

Description : A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to write to arbitrary files, potentially leading to privilege escalation.

Severity: 8.8 | HIGH

CVE ID : CVE-2024-54189

Published : June 3, 2025, 10:15 a.m. | 1 hour, 13 minutes ago

Description : A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary file, potentially leading to privilege escalation.

Severity: 7.8 | HIGH

CVE ID : CVE-2025-4392

Published : June 3, 2025, 10:15 a.m. | 1 hour, 13 minutes ago

Description : The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML file uploads in all versions up to, and including, 1.7.48 due to insufficient input sanitization and output escaping within the sanitize_file() function. This makes it possible for unauthenticated attackers to bypass the plugin’s MIME-only checks and inject arbitrary web scripts in pages that will execute whenever a user accesses the HTML file.

Severity: 7.2 | HIGH

CVE ID : CVE-2025-4224

Published : June 3, 2025, 3:15 a.m. | 4 hours, 12 minutes ago

Description : The wpForo + wpForo Advanced Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload names in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 7.2 | HIGH

CVE ID : CVE-2025-4797

Published : June 3, 2025, 5:15 a.m. | 29 minutes ago

Description : The Golo – City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.7.0. This is due to the plugin not properly validating a user’s identity prior to setting an authorization cookie. This makes it possible for unauthenticated attackers to log in as any user, including administrators, provided they know the user’s email address.

Severity: 9.8 | CRITICAL

CVE ID : CVE-2024-53010

Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago

Description : Memory corruption may occur while attaching VM when the HLOS retains access to VM.

Severity: 7.8 | HIGH

CVE ID : CVE-2024-53013

Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago

Description : Memory corruption may occur while processing voice call registration with user.

Severity: 6.6 | MEDIUM

CVE ID : CVE-2024-53015

Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago

Description : Memory corruption while processing IOCTL command to handle buffers associated with a session.

Severity: 6.6 | MEDIUM

CVE ID : CVE-2024-53016

Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago

Description : Memory corruption while processing I2C settings in Camera driver.

Severity: 6.6 | MEDIUM

CVE ID : CVE-2024-53017

Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago

Description : Memory corruption while handling test pattern generator IOCTL command.

Severity: 6.6 | MEDIUM

CVE ID : CVE-2024-53018

Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago

Description : Memory corruption may occur while processing the OIS packet parser.

Severity: 6.6 | MEDIUM

CVE ID : CVE-2024-53020

Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago

Description : Information disclosure may occur while decoding the RTP packet with invalid header extension from network.

Severity: 8.2 | HIGH

CVE ID : CVE-2024-53021

Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago

Description : Information disclosure may occur while processing goodbye RTCP packet from network.

Severity: 8.2 | HIGH

CVE ID : CVE-2024-53026

Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago

Description : Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.

Severity: 8.2 | HIGH

CVE ID : CVE-2024-53019

Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago

Description : Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.

Severity: 8.2 | HIGH

CVE ID : CVE-2025-21480

Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago

Description : Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

Severity: 8.6 | HIGH

CVE ID : CVE-2025-21485

Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago

Description : Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC.

Severity: 7.8 | HIGH
