1 results (0.001 seconds)
CVSS: 8.5EPSS: 0%CPEs: 22EXPL: 0
CVSS: 8.5EPSS: 0%CPEs: 22EXPL: 0CVE-2025-0396 – exelban stats XPC Service shouldAcceptNewConnection command injection
https://notcve.org/view.php?id=CVE-2025-0396
12 Jan 2025 — A vulnerability, which was classified as critical, has been found in exelban stats up to 2.11.21. This issue affects the function shouldAcceptNewConnection of the component XPC Service. The manipulation leads to command injection. It is possible to launch the attack on the local host. Upgrading to version 2.11.22 is able to address this issue. • https://github.com/exelban/stats/releases/tag/v2.11.22 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •