| CVE-2026-30930 |
critical |
9.8 |
9.8 |
|
|
|
3mo ago |
Glances has SQL Injection via Process Names in TimescaleDB Export |
| CVE-2026-34839 |
high |
— |
8.0 |
|
|
|
1mo ago |
Glances: Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS |
| CVE-2021-23418 |
medium |
— |
5.5 |
|
|
|
5y ago |
The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.
|
| CVE-2026-33641 |
unknown |
— |
1.0 |
|
|
|
2mo ago |
Glances Vulnerable to Command Injection via Dynamic Configuration Values |
| CVE-2026-35588 |
unknown |
— |
— |
|
|
|
1mo ago |
Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values |
| CVE-2026-35587 |
unknown |
— |
— |
|
|
|
1mo ago |
Glances has SSRF in IP Plugin via public_api leading to credential leakage |
| CVE-2026-33533 |
unknown |
— |
— |
|
|
|
2mo ago |
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server (activated with glances -s or glances --server) sends Access-Control-Allow-Origin: … |
| CVE-2026-32634 |
unknown |
— |
— |
|
|
|
3mo ago |
Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers |
| CVE-2026-32633 |
unknown |
— |
— |
|
|
|
3mo ago |
Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist` |
| CVE-2026-32632 |
unknown |
— |
— |
|
|
|
3mo ago |
Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding |
| CVE-2026-32611 |
unknown |
— |
— |
|
|
|
3mo ago |
Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix (commit 39161f0) addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use pa… |
| CVE-2026-32610 |
unknown |
— |
— |
|
|
|
3mo ago |
Glances's Default CORS Configuration Allows Cross-Origin Credential Theft |
| CVE-2026-32609 |
unknown |
— |
— |
|
|
|
3mo ago |
Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials |
| CVE-2026-32608 |
unknown |
— |
— |
|
|
|
3mo ago |
Glances has a Command Injection via Process Names in Action Command Templates |
| CVE-2026-32596 |
unknown |
— |
— |
|
|
|
3mo ago |
Glances exposes the REST API without authentication |
| CVE-2026-30928 |
unknown |
— |
— |
|
|
|
3mo ago |
Glances Exposes Unauthenticated Configuration Secrets |
