Every CVE whose affected-product data names Apache Hertzbeat, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2023-51653 — CVSS 9.8 (critical): Hertzbeat is a real-time monitoring system. In the implementation of `JmxCollectImpl.java`, `JMXConnectorFactory.connect` is vulnerable to…
CVE-2023-51388 — CVSS 9.8 (critical): Hertzbeat is a real-time monitoring system. In `CalculateAlarm.java`, `AviatorEvaluator` is used to directly execute the expression…
CVE-2023-51389 — CVSS 9.8 (critical): Hertzbeat is a real-time monitoring system. At the interface of `/define/yml`, SnakeYAML is used as a parser to parse yml content, but no…
CVE-2026-24343 — CVSS 8.8 (high): Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache…
CVE-2024-41151 — CVSS 8.8 (high): Deserialization of Untrusted Data vulnerability in Apache HertzBeat. This vulnerability can only be exploited by authorized attackers. This…
CVE-2024-42323 — CVSS 8.8 (high): SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by…
CVE-2024-45505 — CVSS 8.8 (high): Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). This…
CVE-2024-42362 — CVSS 8.8 (high): Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in…
CVE-2025-48208 — CVSS 8.8 (high): Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat . The attacker needs…
CVE-2025-24404 — CVSS 8.8 (high): XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. The attacker needs to have an authenticated account…
CVE-2024-42361 — CVSS 7.5 (high): Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull…
CVE-2023-51650 — CVSS 7.5 (high): Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused…
CVE-2022-39337 — CVSS 7.5 (high): Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless…
CVE-2024-45791 — CVSS 7.5 (high): Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before…
CVE-2023-51387 — CVSS 7.2 (high): Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions…
CVE-2024-56736 — CVSS 6.5 (medium): Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat (incubating): before 1.7.0. Users…