Skip to main content

Clash

4 CVEs product

Monthly

CVE-2024-5732 MEDIUM POC This Month

A vulnerability was found in Clash up to 0.20.1 on Windows. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft Clash
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2023-24205 CRITICAL POC Act Now

Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file (cfw-setting.yaml). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Clash
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-40126 HIGH POC This Week

A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Path Traversal Clash
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-26255 CRITICAL POC Act Now

Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft XSS Clash
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
EPSS 1% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in Clash up to 0.20.1 on Windows. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft Clash
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file (cfw-setting.yaml). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Clash
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Path Traversal +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft XSS +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy