Every CVE whose affected-product data names Clash Project Clash, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2022-26255 — CVSS 9.8 (critical): Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column.
CVE-2023-24205 — CVSS 9.8 (critical): Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the…
CVE-2020-24772 — CVSS 8.8 (high): In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the…
CVE-2022-40126 — CVSS 7.8 (high): A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute…