CVSS: 6.8EPSS: %CPEs: 1EXPL: 0CVE-2024-56736 – Apache HertzBeat: Server-Side Request Forgery (SSRF) in Api Config Oss
https://notcve.org/view.php?id=CVE-2024-56736
16 Apr 2025 — Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat (incubating): before 1.7.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue. • https://lists.apache.org/thread/kdzg36h9yxp0q0n4lhcfppxntjy8rj1x • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41151 – Apache HertzBeat: RCE by notice template injection vulnerability
https://notcve.org/view.php?id=CVE-2024-41151
18 Nov 2024 — Deserialization of Untrusted Data vulnerability in Apache HertzBeat. This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue. • https://lists.apache.org/thread/oor9nw6nh2ojnfw8d8oxrv40cbtk5mwj • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45791 – Apache HertzBeat: Exposure sensitive token via http GET method with query string
https://notcve.org/view.php?id=CVE-2024-45791
18 Nov 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue. • https://lists.apache.org/thread/jmbsfjsvrfnvosh1ftrm3ry4j3sb7doz • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45505 – Apache HertzBeat: Exists Native Deser RCE and file writing vulnerabilities
https://notcve.org/view.php?id=CVE-2024-45505
18 Nov 2024 — Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue. Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by ... • https://lists.apache.org/thread/gvbc68krhqhht7mkkkx7k13k6k6fdhy0 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 72%CPEs: 1EXPL: 0CVE-2024-42323 – Apache HertzBeat: RCE by snakeYaml deser load malicious xml
https://notcve.org/view.php?id=CVE-2024-42323
21 Sep 2024 — SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.0. Users are recommended to upgrade to version 1.6.0, which fixes the issue. SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. • https://lists.apache.org/thread/dwpwm572sbwon1mknlwhkpbom2y7skbx • CWE-502: Deserialization of Untrusted Data •