CVE-2025-49236

Missing Authorization vulnerability in raychat Raychat raychat allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Raychat: from n/a through = 2.1.0...

CVE-2025-5757

A vulnerability was found in code-projects Traffic Offense Reporting System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /save-reported.php. The manipulation of the argument...

PT-2025-24275

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue concerns a problem with reading SQE fields in the Linux kernel when the ring is being resized simultaneously. This is related to the io uring/fdinfo functionality, specifically...

CVE-2024-52561

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 build 55740. When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change...

CVE-2024-54189

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 build 55740. When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary fil...

CVE-2025-5632

A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/users.php. The manipulation of the argument changetoadmin leads to sql injection. T...

CVE-2024-54189

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 build 55740. When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary fil...

CVE-2024-52561

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 build 55740. When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change...

CVE-2024-54189

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 build 55740. When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary fil...

CVE-2024-52561

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 build 55740. When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change...

CVE-2024-52561

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 build 55740. When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change...

CVE-2024-54189

Summary: CVE-2024-54189 is a local privilege-escalation vulnerability in Parallels Desktop for Mac 20.1.1 (build 55740). During VM snapshot creation, the root-level prl_disp_service writes metadata to a snapshot.xml file in a VM directory owned by a normal user. An attacker can replace that file ...

CVE-2024-52561

Summary: CVE-2024-52561 is a privilege-escalation vulnerability in Parallels Desktop for Mac 20.1.1 (build 55740). During snapshot deletion, the root service (prl_disp_service) verifies and may change ownership of files under the Snapshot directory. Attackers can exploit a symlink to replace the ...

CVE-2024-54189

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 build 55740. When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary fil...

PT-2025-23598

Name of the Vulnerable Software and Affected Versions Parallels Desktop for Mac version 20.1.1 build 55740 Description A privilege escalation issue exists in the Snapshot functionality of Parallels Desktop for Mac. When a snapshot of a virtual machine is taken, a root service writes to a file own...

PT-2025-23597

Name of the Vulnerable Software and Affected Versions Parallels Desktop for Mac version 20.1.1 build 55740 Description A privilege escalation issue exists in the Snapshot functionality of Parallels Desktop for Mac. When a snapshot of a virtual machine is deleted, a root service verifies and...

2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of 2BrightSparks SyncBackFree. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an...

Parallels Desktop prl_disp_service Snapshots SymLink Change Ownership Privilege Escalation

Talos Vulnerability Report TALOS-2024-2123 Parallels Desktop prldispservice Snapshots SymLink Change Ownership Privilege Escalation June 3, 2025 CVE Number CVE-2024-52561 SUMMARY A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1...

CVE-2025-48941

CVE-2025-48941 (MyBB) : Affected software: MyBB versions prior to 1.8.39. Issue: the internal search does not properly validate thread visibility, allowing a user with search access to infer the existence of hidden threads (draft, unapproved, or soft-deleted) by title. The visible flag (mybb_thre...

CVE-2025-5401

A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /post.php of the component GET Parameter Handler. The manipulation of the argument pid leads...