17 matches found
CVE-2026-26422
clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation...
EUVD-2026-34977
clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation...
CVE-2026-26422
clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation...
CVE-2026-26422
clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation...
CVE-2026-26422
clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation...
PT-2026-47167
Name of the Vulnerable Software and Affected Versions clash-verge-service-ipc versions prior to 2.3.0 Description The software contains a world-reachable IPC Inter-Process Communication endpoint, which is a mechanism that allows different processes to communicate. This configuration allows for...
CVE-2025-50505
Clash Verge Rev thru 2.2.3 fixed in 2.3.0 forces the installation of system servicesclash-verge-service by default and exposes key functions through the unauthorized HTTP API /startclash, allowing local users to submit arbitrary binpath parameters and pass them directly to the service process for...
CVE-2025-50505
Clash Verge Rev thru 2.2.3 fixed in 2.3.0 forces the installation of system servicesclash-verge-service by default and exposes key functions through the unauthorized HTTP API /startclash, allowing local users to submit arbitrary binpath parameters and pass them directly to the service process for...
CVE-2025-50505
Clash Verge Rev thru 2.2.3 fixed in 2.3.0 forces the installation of system servicesclash-verge-service by default and exposes key functions through the unauthorized HTTP API /startclash, allowing local users to submit arbitrary binpath parameters and pass them directly to the service process for...
CVE-2025-50505
Clash Verge Rev thru 2.2.3 fixed in 2.3.0 forces the installation of system servicesclash-verge-service by default and exposes key functions through the unauthorized HTTP API /startclash, allowing local users to submit arbitrary binpath parameters and pass them directly to the service process for...
Clash Verge Rev 安全漏洞
Clash Verge Rev is an open source proxy tool from Clash Verge Rev. A security vulnerability exists in Clash Verge Rev 2.2.3 and earlier versions, which stems from installing system services by default and exposing critical functionality via an unauthorized HTTP API, which could lead to local...
PT-2025-40998
Name of the Vulnerable Software and Affected Versions Clash Verge versions through 2.2.3 Description The software installs system services clash-verge-service by default and exposes functions through an unauthorized HTTP API. Specifically, the /start clash API endpoint allows local users to submi...
CVE-2025-50505
Clash Verge Rev thru 2.2.3 fixed in 2.3.0 forces the installation of system servicesclash-verge-service by default and exposes key functions through the unauthorized HTTP API /startclash, allowing local users to submit arbitrary binpath parameters and pass them directly to the service process for...
CVE-2025-50505
Clash Verge Rev thru 2.2.3 fixed in 2.3.0 forces the installation of system servicesclash-verge-service by default and exposes key functions through the unauthorized HTTP API /startclash, allowing local users to submit arbitrary binpath parameters and pass them directly to the service process for...
CVE-2025-50505
CVE-2025-50505 affects Clash Verge Rev up to 2.2.3 (fixed in 2.3.0). An unauthenticated HTTP API on 127.0.0.1:33211 (/start_clash) allows local users to submit arbitrary bin_path, config_dir, config_file, and log_file values which are passed to the service process (clash-verge-service) for execut...
EUVD-2025-32865
Clash Verge Rev thru 2.2.3 forces the installation of system servicesclash-verge-service by default and exposes key functions through the unauthorized HTTP API /startclash, allowing local users to submit arbitrary binpath parameters and pass them directly to the service process for execution,...
Exploit for CVE-2025-50505
CVE-2025-50505 Unauthorized API Leads to Arbitrary Command Ex...