10 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-56362

Malicious code in bioql PyPI...

9.8 CVSS · 9.1 AI score · 0.02131 EPSS
Exploits 1 · References 2

CVE
added 2025/09/09 9:30 a.m. · 26 views

CVE-2025-24404

Apache HertzBeat (incubating) before 1.7.0 is affected by an XML Injection RCE vulnerability that occurs when an authenticated attacker adds a monitor that parses an XML sitemap response and returns specially crafted content. The issue can lead to remote code execution and impacts confidentiality...

8.8 CVSS · 6.5 AI score · 0.00486 EPSS
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2025/09/09 12:0 a.m. · 5 views

Apache HertzBeat Security Vulnerability

Apache HertzBeat is a tool from Apache USA that monitors various components. A security vulnerability exists in Apache HertzBeat versions prior to 1.7.0, which stems from an XML parsing vulnerability that could lead to remote code execution...

8.8 CVSS · 7.7 AI score · 0.00486 EPSS
Exploits 0 · References 1

OSV
added 2024/11/18 9:15 a.m. · 3 views

CVE-2024-45791

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue...

7.5 CVSS · 7 AI score
Exploits 0 · References 3

OSV
added 2024/11/18 9:15 a.m. · 4 views

CVE-2024-41151

Deserialization of Untrusted Data vulnerability in Apache HertzBeat. This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue...

8.8 CVSS · 7 AI score
Exploits 0 · References 3

CNVD
added 2024/09/24 12:0 a.m. · 5 views

Apache HertzBeat Deserialization Vulnerability

Apache HertzBeat is a tool from the American company Apache that can monitor various components. A deserialization vulnerability exists in Apache HertzBeat versions prior to 1.6.0, which stems from the insecure deserialization of serialized data received from users by the SnakeYAML library...

8.8 CVSS · 7.5 AI score · 0.04054 EPSS
Exploits 0 · References 1

OSV
added 2024/09/21 10:15 a.m. · 3 views

CVE-2024-42323

SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat incubating. This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat incubating: before 1.6.0. Users are recommended to upgrade to version 1.6.0, which fixes the issue...

8.8 CVSS · 8.6 AI score
Exploits 0 · References 3

CNVD
added 2024/08/23 12:0 a.m. · 8 views

Apache Hertzbeat SQL Injection Vulnerability

Hertzbeat is an open source real-time monitoring system. A SQL injection vulnerability exists in Hertzbeat versions prior to 1.6.0 that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands ...

9.8 CVSS · 7.8 AI score · 0.0108 EPSS
Exploits 1 · References 1

CNNVD
added 2024/02/22 12:0 a.m. · 6 views

Hertzbeat Security Vulnerabilities

Hertzbeat is an open source real-time monitoring system from the dromara organization. A security vulnerability exists in Hertzbeat versions prior to 1.4.1, which stems from the use of SnakeYAML as a parser to parse yml content at the /define/yml interface, but does not use a secure configuration...

9.8 CVSS · 6.8 AI score · 0.01294 EPSS
Exploits 1 · References 3

Positive Technologies
added 2024/02/22 12:0 a.m. · 7 views

PT-2024-14103 · Hertzbeat · Hertzbeat

Name of the Vulnerable Software and Affected Versions: Hertzbeat versions prior to 1.4.1 Description: Hertzbeat is a real-time monitoring system. In CalculateAlarm.java, AviatorEvaluator is used to directly execute the expression function, and no security policy is configured, resulting in...

9.8 CVSS · 7.9 AI score · 0.01309 EPSS
Exploits 1 · References 8