Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

glances — Vulnerabilities & Security Advisories 16

All 16 CVE vulnerabilities found in glances, with AI-generated Chinese analysis, references, and POCs.

Vendor: n/a

CVE IDTitleCVSSSeverityPublished
CVE-2026-35588 Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values CWE-89 6.3 Medium2026-04-20
CVE-2026-35587 Glances IP Plugin has SSRF via public_api that leads to credential leakage CWE-918 9.8AICriticalAI2026-04-20
CVE-2026-34839 Glances Vulnerable to Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS CWE-200 6.5AIMediumAI2026-04-20
CVE-2026-33641 Glances Vulnerable to Command Injection via Dynamic Configuration Values CWE-78 7.8 High2026-04-02
CVE-2026-33533 Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard CWE-942 8.1AIHighAI2026-04-02
CVE-2026-32634 Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers CWE-346 8.1 High2026-03-18
CVE-2026-32633 Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist` CWE-200 9.1 Critical2026-03-18
CVE-2026-32632 Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding CWE-346 5.9 Medium2026-03-18
CVE-2026-32611 Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements CWE-89 7.0 High2026-03-18
CVE-2026-32610 Glances's Default CORS Configuration Allows Cross-Origin Credential Theft CWE-942 8.1 High2026-03-18
CVE-2026-32609 Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials CWE-200 7.5 High2026-03-18
CVE-2026-32608 Glances has a Command Injection via Process Names in Action Command Templates CWE-78 7.0 High2026-03-18
CVE-2026-32596 Glances exposes the REST API without authentication CWE-200 9.1 -2026-03-18
CVE-2026-30930 Glances has SQL Injection via Process Names in TimescaleDB Export CWE-89 9.8AICriticalAI2026-03-10
CVE-2026-30928 Glances Exposes Unauthenticated Configuration Secrets CWE-200 9.1AICriticalAI2026-03-10
CVE-2021-23418 XML External Entity (XXE) Injection 6.3 Medium2021-07-29

All 16 known CVE vulnerabilities affecting glances with full Chinese analysis, references, and POCs where available.