CVE-2025-0396

HIGH Year: 2025
CVSS v3 Score
7.8
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-74
View all →

Vulnerability Description

A vulnerability, which was classified as critical, has been found in exelban stats up to 2.11.21. This issue affects the function shouldAcceptNewConnection of the component XPC Service. The manipulation leads to command injection. It is possible to launch the attack on the local host. Upgrading to version 2.11.22 is able to address this issue. It is recommended to upgrade the affected component.

Related Vulnerabilities

CVE-2010-4654

HIGH
CVSS:7.8(High)

poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.

CWE-742010

CVE-2014-7844

HIGH
CVSS:7.8(High)

BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.

CWE-742014

CVE-2014-7952

HIGH
CVSS:7.8(High)

The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams.

CWE-742014

CVE-2015-1975

HIGH
CVSS:7.8(High)

The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iF...

CWE-742015

CVE-2017-1000052

HIGH
CVSS:7.8(High)

Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions.

CWE-742017

CVE-2017-1000454

HIGH
CVSS:7.8(High)

CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1

CWE-742017