CVE-2024-5732 – Clash Proxy Port improper authentication
https://notcve.org/view.php?id=CVE-2024-5732
07 Jun 2024 — A vulnerability was found in Clash up to 0.20.1 on Windows. It has been declared as critical. This vulnerability affects unknown code of the component Proxy Port. The manipulation leads to improper authentication. The attack can be initiated remotely. • https://github.com/GTA12138/vul/blob/main/clash%20for%20windows.md • CWE-287: Improper Authentication
CVE-2022-40126
https://notcve.org/view.php?id=CVE-2022-40126
29 Sep 2022 — A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated. • https://github.com/LovelyWei/CVE-2022-40126 • CWE-552: Files or Directories Accessible to External Parties