28 matches found
CVE-2022-26255
Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column...
EUVD-2022-43445
Malicious code in bioql PyPI...
EUVD-2022-30818
Malicious code in bioql PyPI...
EUVD-2023-28264
Malicious code in bioql PyPI...
CVE-2023-24205
Clash for Windows v0.20.12 was discovered to contain a remote code execution RCE vulnerability which is exploited via overwriting the configuration file cfw-setting.yaml...
CVE-2022-40126
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated...
CVE-2023-24205
Clash for Windows v0.20.12 was discovered to contain a remote code execution RCE vulnerability which is exploited via overwriting the configuration file cfw-setting.yaml...
CVE-2023-24205
Clash for Windows v0.20.12 was discovered to contain a remote code execution RCE vulnerability which is exploited via overwriting the configuration file cfw-setting.yaml...
Remote code execution
Clash for Windows v0.20.12 was discovered to contain a remote code execution RCE vulnerability which is exploited via overwriting the configuration file cfw-setting.yaml...
CVE-2023-24205
Clash for Windows v0.20.12 was discovered to contain a remote code execution RCE vulnerability which is exploited via overwriting the configuration file cfw-setting.yaml...
Clash 安全漏洞
Clash is a multi-platform proxy client developed in the Go language by the individual developers of Dreamacro. A security vulnerability exists in Clash for Windows version v0.20.12, which stems from the presence of a Remote Code Execution RCE vulnerability...
CVE-2023-24205
CVE-2023-24205 affects Clash for Windows v0.20.12, with a remote code execution (RCE) vulnerability exploitable via overwriting the configuration file (cfw-setting.yaml). The NVD/NVD-derived metrics assign CVSSv3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base score 9.8 (CRITICAL). Root cau...
CVE-2023-24205
Clash for Windows v0.20.12 was discovered to contain a remote code execution RCE vulnerability which is exploited via overwriting the configuration file cfw-setting.yaml...
CVE-2022-40126
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated...
CVE-2022-40126
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated...
Design/Logic Flaw
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated...
CVE-2022-40126
CVE-2022-40126 describes a misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 that allows privilege escalation and arbitrary command execution when Service Mode is activated. Public sources consistently identify the affected software as Clash for Windows and the v...
CVE-2022-40126
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated...
CVE-2022-40126
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated...
Clash 安全漏洞
Clash is a multi-platform agent client developed in the Go language by the individual developers of Dreamacro. A security vulnerability exists in Clash for Windows version v0.19.9, which originates from a misconfiguration in the Service Mode Configuration File directory, and can be exploited by a...