VYPR

HertzBeat

by Apache

CVEs (10)

  • CVE-2024-42323 | High | Sep 21, 2024
    risk 0.51 | cvss 8.8 | epss 0.04

    SnakeYaml Deser Load Malicious XML RCE vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.0. Users are recommended to upgrade to version 1.6.0, which…

  • CVE-2024-45505 | High | Nov 18, 2024
    risk 0.50 | cvss 8.8 | epss 0.02

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.1. Users are…

  • CVE-2024-41151 | High | Nov 18, 2024
    risk 0.50 | cvss 8.8 | epss 0.01

    Deserialization of Untrusted Data vulnerability in Apache HertzBeat. This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue.

  • CVE-2024-42361 | High | Aug 20, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    HertzBeat is an open source, real-time monitoring system. HertzBeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection.

  • CVE-2024-45791 | High | Nov 18, 2024
    risk 0.42 | cvss 7.5 | epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue.

  • CVE-2024-56736 | Medium | Apr 16, 2025
    risk 0.35 | cvss 6.5 | epss 0.01

    Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat (incubating): before 1.7.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue.

  • CVE-2026-24343 | Feb 10, 2026
    risk 0.00 | cvss (not listed) | epss 0.01

    Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

  • CVE-2025-48208 | Sep 9, 2025
    risk 0.00 | cvss (not listed) | epss 0.01

    Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat. The attacker needs to have an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful…

  • CVE-2025-24404 | Sep 9, 2025
    risk 0.00 | cvss (not listed) | epss 0.00

    XML injection RCE vulnerability in Apache HertzBeat, triggered when parsing an HTTP sitemap XML response. The attacker needs to have an authenticated account with access and must add a monitor whose response is parsed as XML; specially crafted returned content can then trigger the XML parsing vulnerability. This issue…

  • CVE-2024-42362 | High | Aug 20, 2024
    risk 0.00 | cvss 8.8 | epss 0.01

    HertzBeat is an open source, real-time monitoring system. HertzBeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0.
