cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-41151,https://securityvulnerability.io/vulnerability/CVE-2024-41151,Authorized Attackers can Exploit Deserialization of Untrusted Data Vulnerability in Apache HertzBeat Before 1.6.1,"Deserialization of Untrusted Data vulnerability in Apache HertzBeat. This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue.",Apache,Apache Hertzbeat,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-18T08:45:49.288Z,0
CVE-2024-45791,https://securityvulnerability.io/vulnerability/CVE-2024-45791,Unauthorized Access to Sensitive Information in Apache HertzBeat Before 1.6.1,"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue.",Apache,Apache Hertzbeat,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-18T08:45:23.459Z,0
CVE-2024-45505,https://securityvulnerability.io/vulnerability/CVE-2024-45505,Command Injection Vulnerability in Apache HertzBeat (incubating),"Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue.",Apache,Apache Hertzbeat,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-18T08:44:46.165Z,0
CVE-2024-42323,https://securityvulnerability.io/vulnerability/CVE-2024-42323,SnakeYaml Deserialization RCE Vulnerability in Apache HertzBeat (incubating),"SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.0. Users are recommended to upgrade to version 1.6.0, which fixes the issue.",Apache,Apache Hertzbeat,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-21T09:30:15.295Z,0
CVE-2024-42361,https://securityvulnerability.io/vulnerability/CVE-2024-42361,GHSL-2023-256: HertzBeat Authenticated (guest role) SQL injection in /api/monitor/{monitorId}/metric/{metricFull},"Hertzbeat, an open-source real-time monitoring system, is susceptible to a SQL injection vulnerability in its API. The flaw exists in versions 1.6.0 and earlier, specifically within the /api/monitor/{monitorId}/metric/{metricFull} endpoint. This endpoint allows users to download job metrics and executes a SQL query using data from user inputs without sufficient validation. Consequently, attackers can manipulate the input parameters, potentially compromising the integrity and confidentiality of the database. Proper security measures should be applied to validate and sanitize all user inputs to mitigate the risk associated with this vulnerability.",Apache,Hertzbeat,9.8,CRITICAL,0.003650000086054206,false,,false,false,false,,,false,false,,2024-08-20T21:15:00.000Z,0
CVE-2024-42362,https://securityvulnerability.io/vulnerability/CVE-2024-42362,GHSL-2023-255: HertzBeat Authenticated (user role) RCE via unsafe deserialization in /api/monitors/import,"The Hertzbeat monitoring system, an open-source real-time monitoring tool, contains a vulnerability that allows for remote code execution due to unsafe deserialization in its API endpoint '/api/monitors/import'. This flaw specifically affects authenticated user roles, potentially allowing attackers to execute arbitrary code on the server hosting Hertzbeat. The vulnerability has been addressed and mitigated in version 1.6.0, and users are encouraged to upgrade their installations accordingly. Further references for details on the vulnerability and its resolution can be found in the provided links.",Apache,Hertzbeat,8.8,HIGH,0.0017099999822676182,false,,false,false,false,,,false,false,,2024-08-20T21:15:00.000Z,0