Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

26 matches found

EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2021-2273

Malware in sbrugna...

9.8CVSS9.2AI score0.01119EPSS
Exploits1References4
RedhatCVE
RedhatCVEadded 2025/05/23 8:0 a.m.3 views

CVE-2024-6644

A vulnerability was found in zmops ArgusDBM up to 0.1.0. It has been classified as critical. Affected is the function getDefaultClassLoader of the file CalculateAlarm.java of the component AviatorScript Handler. The manipulation leads to deserialization. It is possible to launch the attack...

6.5CVSS6.9AI score0.00239EPSS
Exploits0References1
NVD
NVDadded 2024/07/10 5:15 p.m.11 views

CVE-2024-6644

A vulnerability was found in zmops ArgusDBM up to 0.1.0. It has been classified as critical. Affected is the function getDefaultClassLoader of the file CalculateAlarm.java of the component AviatorScript Handler. The manipulation leads to deserialization. It is possible to launch the attack...

6.5CVSS0.00239EPSS
Exploits0References4
OSV
OSVadded 2024/07/10 5:15 p.m.3 views

CVE-2024-6644

A vulnerability was found in zmops ArgusDBM up to 0.1.0. It has been classified as critical. Affected is the function getDefaultClassLoader of the file CalculateAlarm.java of the component AviatorScript Handler. The manipulation leads to deserialization. It is possible to launch the attack...

5.3CVSS5.3AI score
Exploits0References4
Vulnrichment
Vulnrichmentadded 2024/07/10 5:0 p.m.11 views

CVE-2024-6645 WuKongOpenSource Wukong_nocode AviatorScript ExpressionUtil.java deserialization

A vulnerability was found in WuKongOpenSource Wukongnocode up to 20230807. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file ExpressionUtil.java of the component AviatorScript Handler. The manipulation leads to deserialization. The attack can...

6.5CVSS6.6AI score0.00062EPSS
Exploits0References4
CVE
CVEadded 2024/07/10 5:0 p.m.42 views

CVE-2024-6645

WuKongOpenSource Wukong_nocode (up to 20230807) is affected by a deserialization vulnerability in the AviatorScript Handler component, specifically ExpressionUtil.java. The issue allows remote exploitation through manipulation of unknown functionality, with exploitation disclosed publicly. No ver...

6.5CVSS6.4AI score0.00062EPSS
Exploits0References4
Cvelist
Cvelistadded 2024/07/10 5:0 p.m.15 views

CVE-2024-6645 WuKongOpenSource Wukong_nocode AviatorScript ExpressionUtil.java deserialization

A vulnerability was found in WuKongOpenSource Wukongnocode up to 20230807. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file ExpressionUtil.java of the component AviatorScript Handler. The manipulation leads to deserialization. The attack can...

6.5CVSS0.00062EPSS
Exploits0References4
Cvelist
Cvelistadded 2024/07/10 4:31 p.m.16 views

CVE-2024-6644 zmops ArgusDBM AviatorScript CalculateAlarm.java getDefaultClassLoader deserialization

A vulnerability was found in zmops ArgusDBM up to 0.1.0. It has been classified as critical. Affected is the function getDefaultClassLoader of the file CalculateAlarm.java of the component AviatorScript Handler. The manipulation leads to deserialization. It is possible to launch the attack...

6.5CVSS0.00239EPSS
Exploits0References4
CVE
CVEadded 2024/07/10 4:31 p.m.36 views

CVE-2024-6644

CVE-2024-6644 affects zmops ArgusDBM up to 0.1.0, specifically the getDefaultClassLoader function in CalculateAlarm.java of the AviatorScript Handler. The issue is a deserialization vulnerability that can be exploited remotely; the exploit has been publicly disclosed. A confirmed workaround from ...

6.5CVSS6.4AI score0.00239EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2024/07/10 4:31 p.m.8 views

CVE-2024-6644 zmops ArgusDBM AviatorScript CalculateAlarm.java getDefaultClassLoader deserialization

A vulnerability was found in zmops ArgusDBM up to 0.1.0. It has been classified as critical. Affected is the function getDefaultClassLoader of the file CalculateAlarm.java of the component AviatorScript Handler. The manipulation leads to deserialization. It is possible to launch the attack...

6.5CVSS6.9AI score0.00239EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2024/07/10 12:0 a.m.1 views

PT-2024-37774 · Unknown · Aviatorscript +1

Name of the Vulnerable Software and Affected Versions: WuKongOpenSource Wukong nocode up to 20230807 Description: A critical issue was found in the AviatorScript Handler component, specifically in the ExpressionUtil.java file, allowing for deserialization through unknown functionality manipulatio...

6.5CVSS7AI score0.00062EPSS
Exploits0References9
Prion
Prionadded 2024/02/22 4:15 p.m.11 views

Design/Logic Flaw

Hertzbeat is a real-time monitoring system. In CalculateAlarm.java, AviatorEvaluator is used to directly execute the expression function, and no security policy is configured, resulting in AviatorScript which can execute any static method by default script injection. Version 1.4.1 fixes this...

7.5CVSS7.8AI score0.00798EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2024/02/22 3:53 p.m.10 views

CVE-2023-51388 HertzBeat AviatorScript Inject RCE

Hertzbeat is a real-time monitoring system. In CalculateAlarm.java, AviatorEvaluator is used to directly execute the expression function, and no security policy is configured, resulting in AviatorScript which can execute any static method by default script injection. Version 1.4.1 fixes this...

9.8CVSS9.7AI score0.00798EPSS
Exploits1References2
Cvelist
Cvelistadded 2024/02/22 3:53 p.m.21 views

CVE-2023-51388 HertzBeat AviatorScript Inject RCE

Hertzbeat is a real-time monitoring system. In CalculateAlarm.java, AviatorEvaluator is used to directly execute the expression function, and no security policy is configured, resulting in AviatorScript which can execute any static method by default script injection. Version 1.4.1 fixes this...

9.8CVSS10AI score0.00798EPSS
Exploits1References2
CVE
CVEadded 2024/02/22 3:53 p.m.58 views

CVE-2023-51388

Hertzbeat real-time monitoring software is affected by CVE-2023-51388 due to direct execution of expressions in CalculateAlarm.java via AviatorEvaluator without a security policy, enabling AviatorScript injection. The issue is tied to Hertzbeat versions prior to 1.4.1; upgrading to version 1.4.1 ...

9.8CVSS9.8AI score0.00798EPSS
Exploits1References2Affected Software1
CNNVD
CNNVDadded 2024/02/22 12:0 a.m.0 views

Hertzbeat Security Vulnerabilities

Hertzbeat is an open source real-time monitoring system from the dromara organization. A security vulnerability exists in Hertzbeat versions prior to 1.4.1, which stems from the direct execution of an expression function using AviatorEvaluator in CalculateAlarm.java without a configured security...

9.8CVSS7AI score0.00798EPSS
Exploits1References3
NVD
NVDadded 2023/12/22 9:15 p.m.12 views

CVE-2023-51387

Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in version prior to 1.4.1, a malicious user can use a...

8.8CVSS0.00651EPSS
Exploits1References3
OSV
OSVadded 2023/12/22 8:46 p.m.23 views

CVE-2023-51387 Expression Injection Vulnerability in Hertzbeat

Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in version prior to 1.4.1, a malicious user can use a...

7.2CVSS8.5AI score0.00651EPSS
Exploits1References5
OSV
OSVadded 2021/10/04 8:14 p.m.0 views

GHSA-XPV2-8PPJ-79HH Expression injection in AviatorScript

AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library BCEL...

9.8CVSS6.3AI score0.01119EPSS
Exploits1References3
Github Security Blog
Github Security Blogadded 2021/10/04 8:14 p.m.84 views

Expression injection in AviatorScript

AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library BCEL...

9.8CVSS5.5AI score0.01119EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder