
nicolargo — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting nicolargo. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by nicolargo: glances

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-35588 | Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values | glances | CWE-89 | 6.3 | Medium | 2026-04-20 |
| CVE-2026-35587 | Glances IP Plugin has SSRF via public_api that leads to credential leakage | glances | CWE-918 | 9.8 (AI) | Critical (AI) | 2026-04-20 |
| CVE-2026-34839 | Glances Vulnerable to Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS | glances | CWE-200 | 6.5 (AI) | Medium (AI) | 2026-04-20 |
| CVE-2026-33641 | Glances Vulnerable to Command Injection via Dynamic Configuration Values | glances | CWE-78 | 7.8 | High | 2026-04-02 |
| CVE-2026-33533 | Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard | glances | CWE-942 | 8.1 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-32634 | Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers | glances | CWE-346 | 8.1 | High | 2026-03-18 |
| CVE-2026-32633 | Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist` | glances | CWE-200 | 9.1 | Critical | 2026-03-18 |
| CVE-2026-32632 | Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding | glances | CWE-346 | 5.9 | Medium | 2026-03-18 |
| CVE-2026-32611 | Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements | glances | CWE-89 | 7.0 | High | 2026-03-18 |
| CVE-2026-32610 | Glances's Default CORS Configuration Allows Cross-Origin Credential Theft | glances | CWE-942 | 8.1 | High | 2026-03-18 |
| CVE-2026-32609 | Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials | glances | CWE-200 | 7.5 | High | 2026-03-18 |
| CVE-2026-32608 | Glances has a Command Injection via Process Names in Action Command Templates | glances | CWE-78 | 7.0 | High | 2026-03-18 |
| CVE-2026-32596 | Glances exposes the REST API without authentication | glances | CWE-200 | 9.1 | - | 2026-03-18 |
| CVE-2026-30930 | Glances has SQL Injection via Process Names in TimescaleDB Export | glances | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-03-10 |
| CVE-2026-30928 | Glances Exposes Unauthenticated Configuration Secrets | glances | CWE-200 | 9.1 (AI) | Critical (AI) | 2026-03-10 |

This page lists every published CVE security advisory associated with nicolargo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.