VYPR
Vendor

Parallels

Parallels International GmbH is a software company based in Bellevue, Washington. It develops virtualization software for macOS. The company has over 800 employees and offices in 14 countries, including the United States, Germany, the United Kingdom, France, Japan, China, Spain, Malta, Australia, and Mauritius.

Founded: 1999
Products: 11
CVEs: 123
Across products: 125
Status: Private

Recent CVEs

  • CVE-2024-34331 | Critical | Sep 23, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root.

  • CVE-2025-66431 | High | Dec 3, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated users to execute arbitrary code as root via domain creation. The attacker needs "Create and manage sites" with "Domains management" and "Subdomains management."

  • CVE-2025-30074 | High | Mar 16, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows privilege escalation to root via the VM creation routine.

  • CVE-2013-4878 | Jul 18, 2013
    risk 0.05 | cvss n/a | epss 0.31

    The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different…

  • CVE-2008-6479 | Mar 16, 2009
    risk 0.03 | cvss n/a | epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the "change password" feature in the VZPP web interface for Parallels Virtuozzo 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to modify the password via a link or IMG tag to vz/cp/pwd.

  • CVE-2008-6478 | Mar 16, 2009
    risk 0.03 | cvss n/a | epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the file manager in the VZPP web interface for Parallels Virtuozzo 365.6.swsoft (build 4.0.0-365.6.swsoft) and 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to create and delete arbitrary files as the…

  • CVE-2007-4009 | Jul 26, 2007
    risk 0.03 | cvss n/a | epss 0.04

    PHP remote file inclusion vulnerability in admin/business_inc/saveserver.php in SWSoft Confixx Pro 2.0.12 through 3.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the thisdir parameter.

  • CVE-2006-2423 | May 17, 2006
    risk 0.03 | cvss n/a | epss 0.02

    Cross-site scripting (XSS) vulnerability in ftplogin/index.php in Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the login parameter.

  • CVE-2025-66430 | Dec 12, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Plesk 18.0 has Incorrect Access Control.

  • CVE-2024-52561 | Jun 3, 2025
    risk 0.00 | cvss n/a | epss 0.00

    A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an…

  • CVE-2024-54189 | Jun 3, 2025
    risk 0.00 | cvss n/a | epss 0.00

    A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write…

  • CVE-2024-36486 | Jun 3, 2025
    risk 0.00 | cvss n/a | epss 0.00

    A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to…

  • CVE-2025-31359 | Jun 3, 2025
    risk 0.00 | cvss n/a | epss 0.02

    A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to write to arbitrary files, potentially leading to privilege escalation.

  • CVE-2025-0413 | Feb 4, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute…

  • CVE-2024-6240 | Jun 21, 2024
    risk 0.00 | cvss n/a | epss 0.00

    Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, executing on application…

  • CVE-2023-27327 | May 3, 2024
    risk 0.00 | cvss n/a | epss 0.00

    Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged…

  • CVE-2023-27325 | May 3, 2024
    risk 0.00 | cvss n/a | epss 0.00

    Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code…

  • CVE-2023-27324 | May 3, 2024
    risk 0.00 | cvss n/a | epss 0.00

    Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code…

  • CVE-2023-0829 | Sep 20, 2023
    risk 0.00 | cvss n/a | epss 0.01

    Plesk 17.0 through 18.0.31 is vulnerable to Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user) can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription.

  • CVE-2022-40870 | Nov 22, 2022
    risk 0.00 | cvss n/a | epss 0.01

    The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header.