Liufeng Yi

**Name of the Vulnerable Software and Affected Versions** Apache StreamPark versions 2.1.4 through 2.1.5 **Description** An issue exists in Apache StreamPark that allows authenticated users to trigger remote command execution. **Recommendations** Upgrade to version 2.1.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apache HertzBeat (incubating) versions prior to 1.6.0 **Description** The software is susceptible to a remote code execution issue stemming from a malicious XML deserialization flaw within the SnakeYaml component. This issue can only be exploited by authorized attackers. **Recommendations** Upgrade to version 1.6.0 to resolve the issue.