Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

cloudflare — Vulnerabilities & Security Advisories 57

Browse all 57 CVE security advisories affecting cloudflare. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Cloudflare operates as a global content delivery network and distributed reverse proxy service, providing DDoS mitigation, web application firewall capabilities, and DNS resolution. Its infrastructure handles massive internet traffic, making it a critical component of modern web security. Historically, vulnerabilities in its software stack have frequently involved remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from complex configuration management or third-party dependencies. While the company maintains a robust security posture with extensive bug bounty programs, the sheer scale of its attack surface results in a significant number of recorded CVEs. Notable incidents have included configuration errors leading to temporary outages or data exposure, highlighting the challenges of maintaining security at such a vast operational scale. These events underscore the importance of rigorous internal security practices and continuous monitoring within large-scale distributed systems.

Found 14 results / 57Clear Filters
Top products by cloudflare: WARP octorpki quiche WARP Client Wrangler https://github.com/cloudflare/pingora CIRCL cloudflared odoh-rs gokey workers-sdk Cloudflare-WordPress zlib miniflare tokio-boring lol-html cfnts lua-resty-json workerd goflow Cloudflare WARP for Windows
CVE IDTitleCVSSSeverityPublished
CVE-2025-0651 File symlink abuse might lead to deleting files belonging to SYSTEM user — WARPCWE-269 7.1 -2025-01-22
CVE-2023-2754 Plaintext transmission of DNS requests in Windows 1.1.1.1 WARP client — WARPCWE-319 7.4 High2023-08-03
CVE-2023-0652 Local Privilege Escalation in Cloudflare WARP Installer (Windows) — WARPCWE-59 7.0 High2023-04-06
CVE-2023-1412 Local Privilege Escalation Vulnerability in WARP's MSI Installer — WARPCWE-59 7.0 High2023-04-05
CVE-2022-4428 support_uri validation missing in WARP client for Windows — WARPCWE-20 8.9 High2023-01-11
CVE-2022-4457 WARP client manifest misconfiguration leading to Task Hijacking — WARPCWE-200 5.5 Medium2023-01-11
CVE-2022-3320 Bypassing Cloudflare Zero Trust policies using warp-cli set-custom-endpoint command — WARPCWE-862 6.7 Medium2022-10-28
CVE-2022-3322 Lock WARP switch bypass on WARP mobile client using iOS quick action — WARPCWE-862 6.7 Medium2022-10-28
CVE-2022-3337 Lock WARP switch bypass by removing VPN profile on iOS mobile client — WARPCWE-862 6.7 Medium2022-10-28
CVE-2022-3321 Lock WARP switch feature bypass on WARP mobile client for iOS — WARPCWE-862 6.7 Medium2022-10-28
CVE-2022-3512 Lock WARP switch bypass using warp-cli 'add-trusted-ssid' command — WARPCWE-862 6.7 Medium2022-10-28
CVE-2022-2225 Zero Trust Secure Web Gateway policies bypass using WARP client subcommands — WARPCWE-284 8.1 High2022-07-26
CVE-2022-2145 Cloudlfare WARP Arbitrary File Overwrite — WARPCWE-20 5.8 Medium2022-06-28
CVE-2022-2147 Unquoted Service Path in Cloudflare WARP for Windows — WARPCWE-428 6.5 Medium2022-06-23

This page lists every published CVE security advisory associated with cloudflare. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.