CVE-2023-24162 — CVSS 9.8 (critical): Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml…
CVE-2023-24163 — CVSS 9.8 (critical): SQL Inection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine.
CVE-2018-17297 — CVSS 7.5 (high): The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal…
CVE-2022-45688 — CVSS 7.5 (high): A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted…
CVE-2022-45690 — CVSS 7.5 (high): A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a…
CVE-2023-42278 — CVSS 7.5 (high): hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse().
CVE-2023-51075 — CVSS 7.5 (high): hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows…
CVE-2023-51080 — CVSS 7.5 (high): The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow.
CVE-2023-33695 — CVSS 7.1 (high): Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at…
CVE-2025-56769 — CVSS 6.5 (medium): An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary…
CVE-2022-4565 — CVSS 4.3 (medium): A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file…