CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5732 – Clash Proxy Port improper authentication
https://notcve.org/view.php?id=CVE-2024-5732
A vulnerability was found in Clash up to 0.20.1 on Windows. It has been declared as critical. This vulnerability affects unknown code of the component Proxy Port. The manipulation leads to improper authentication. The attack can be initiated remotely. • https://github.com/GTA12138/vul/blob/main/clash%20for%20windows.md https://vuldb.com/?ctiid.267406 https://vuldb.com/?id.267406 https://vuldb.com/?submit.345469 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-40126
https://notcve.org/view.php?id=CVE-2022-40126
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated. Una configuración errónea en el directorio del perfil del Modo de Servicio de Clash para Windows versión v0.19.9, permite a atacantes escalar privilegios y ejecutar comandos arbitrarios cuando el Modo de Servicio está activado • https://github.com/LovelyWei/CVE-2022-40126 https://github.com/Fndroid/clash_for_windows_pkg/issues/3405 • CWE-552: Files or Directories Accessible to External Parties •