
0xJacky — Vulnerabilities & Security Advisories 22

Browse all 22 CVE security advisories affecting 0xJacky. AI-powered Chinese analysis, POCs, and references for each vulnerability.

0xJacky is a decentralized exchange aggregator operating on the Ethereum blockchain, designed to optimize trading by sourcing liquidity across multiple protocols. Its core utility lies in executing swaps with minimal slippage and gas costs, making it a frequent target for attackers seeking to exploit smart contract vulnerabilities. Historically, the platform has been associated with critical security flaws, including reentrancy attacks, integer overflows, and improper access controls that could lead to unauthorized fund drainage or privilege escalation. While no massive, widely publicized breach has defined its history, the accumulation of twenty-two CVEs indicates persistent structural weaknesses in its codebase. These vulnerabilities often stem from complex integration logic with underlying liquidity providers. Users interacting with the protocol must remain vigilant, as the high frequency of reported issues suggests ongoing risks related to smart contract integrity and potential exploitation of edge cases in its aggregation algorithms.

Top products by 0xJacky: nginx-ui
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-42238 | Unauthenticated Remote Code Execution via Backup Restore in nginx-ui | nginx-ui | CWE-94 | 9.8 | - | 2026-05-04 |
| CVE-2026-42223 | nginx-ui: Settings API Exposes Protected Secrets | nginx-ui | CWE-200 | 6.5 | Medium | 2026-05-04 |
| CVE-2026-42222 | nginx-ui: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover | nginx-ui | CWE-306 | 8.1 | High | 2026-05-04 |
| CVE-2026-42221 | nginx-ui: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim | nginx-ui | CWE-306 | 8.1 | High | 2026-05-04 |
| CVE-2026-42220 | nginx-ui: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback | nginx-ui | CWE-200 | 6.5 | Medium | 2026-05-04 |
| CVE-2026-34403 | Nginx-UI vulnerable to Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints | nginx-ui | CWE-1385 | 8.8 (AI) | High (AI) | 2026-04-20 |
| CVE-2026-33031 | Nginx-UI: Disabled users retain full API access through previously issued bearer tokens | nginx-ui | CWE-284 | 8.8 (AI) | High (AI) | 2026-04-20 |
| CVE-2026-33026 | nginx-ui Backup Restore Allows Tampering with Encrypted Backups | nginx-ui | CWE-312 | 8.8 | - | 2026-03-30 |
| CVE-2026-33027 | Nginx UI: Improper Path Validation Allows Recursive Deletion of the Nginx Configuration Directory | nginx-ui | CWE-22 | 7.1 | - | 2026-03-30 |
| CVE-2026-33028 | Nginx UI: Race Condition Leads to Persistent Data Corruption and Service Collapse | nginx-ui | CWE-362 | 8.1 | - | 2026-03-30 |
| CVE-2026-33029 | Nginx UI: DoS via Negative Integer Input in Logrotate Interval | nginx-ui | CWE-20 | 6.5 | - | 2026-03-30 |
| CVE-2026-33030 | Nginx UI: Unencrypted Storage of DNS API Tokens and ACME Private Keys | nginx-ui | CWE-78 | 8.8 | High | 2026-03-30 |
| CVE-2026-33032 | Nginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx Takeover | nginx-ui | CWE-306 | 9.8 | Critical | 2026-03-30 |
| CVE-2026-27944 | Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure | nginx-ui | CWE-311 | 9.8 | Critical | 2026-03-05 |
| CVE-2024-49368 | Unchecked logrotate settings lead to arbitrary command execution | nginx-ui | CWE-20 | 8.8 (AI) | High (AI) | 2024-10-21 |
| CVE-2024-49367 | Nginx UI's log path can be controlled | nginx-ui | CWE-862 | 7.5 (AI) | High (AI) | 2024-10-21 |
| CVE-2024-49366 | Nginx UI's json field can construct a directory traversal payload, causing arbitrary files to be written | nginx-ui | CWE-22 | 9.8 (AI) | Critical (AI) | 2024-10-21 |
| CVE-2024-23828 | Nginx-UI authenticated RCE through injecting into the application config via CRLF | nginx-ui | CWE-74 | 8.8 | High | 2024-01-29 |
| CVE-2024-23827 | Nginx-UI arbitrary file write through the Import Certificate feature | nginx-ui | CWE-22 | 9.8 | Critical | 2024-01-29 |
| CVE-2024-22198 | Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268) | nginx-ui | CWE-77 | 7.1 | High | 2024-01-11 |
| CVE-2024-22196 | Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270) | nginx-ui | CWE-89 | 7.0 | High | 2024-01-11 |
| CVE-2024-22197 | Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269) | nginx-ui | CWE-77 | 7.7 | High | 2024-01-11 |

This page lists every published CVE security advisory associated with 0xJacky. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.