CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5732 – Clash Proxy Port improper authentication
https://notcve.org/view.php?id=CVE-2024-5732
A vulnerability was found in Clash up to 0.20.1 on Windows. It has been declared as critical. This vulnerability affects unknown code of the component Proxy Port. The manipulation leads to improper authentication. The attack can be initiated remotely. • https://github.com/GTA12138/vul/blob/main/clash%20for%20windows.md https://vuldb.com/?ctiid.267406 https://vuldb.com/?id.267406 https://vuldb.com/?submit.345469 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-26255
https://notcve.org/view.php?id=CVE-2022-26255
Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column. Se ha detectado que Clash for Windows versión v0.19.8, permite una ejecución de código arbitrario por medio de una carga útil diseñada inyectada en la columna de nombre de los proxies • https://github.com/Fndroid/clash_for_windows_pkg/issues/2710 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •