📦 Hertzbeat
by Apache
🔍 What is Hertzbeat?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
This vulnerability allows remote code execution in Hertzbeat monitoring systems through AviatorScript injection. Attackers can execute arbitrary static methods by exploiting the unsecured expression e...
This vulnerability in Hertzbeat allows remote code execution via JNDI injection in the JMX connector implementation. Attackers can exploit the /api/monitor/detect interface by providing a malicious JM...
This XPath injection vulnerability in Apache HertzBeat allows attackers to manipulate XPath queries by injecting malicious data, potentially accessing or modifying sensitive information. It affects al...
This vulnerability allows authenticated attackers to execute arbitrary code on Apache HertzBeat servers by injecting malicious XML into HTTP sitemap responses. Attackers need authenticated access to a...
Apache HertzBeat versions before 1.6.1 contain an information disclosure vulnerability that allows unauthorized actors to access sensitive information. This affects all users running vulnerable versio...
This vulnerability allows authorized attackers to execute arbitrary code on Apache HertzBeat servers by exploiting insecure deserialization in SnakeYaml XML parsing. It affects all Apache HertzBeat (i...
CVE-2024-42361 is a SQL injection vulnerability in Hertzbeat's monitoring endpoint that allows attackers to execute arbitrary SQL commands. This affects all Hertzbeat instances running version 1.6.0 o...
Hertzbeat versions before 1.4.1 have Spring Boot permission misconfigurations that allow unauthenticated access to three interfaces. This vulnerability enables attackers to access sensitive server inf...