
335 matches found

Exploit DB
added 2026/05/13 12:0 a.m. | 48 views

glances 4.5.2 - command injection

#!/usr/bin/env python3; Exploit Title: glances 4.5.2 - command injection; Date: 2026-04-09; Exploit Author: Stepanov Daniil; Vendor Homepage: https://github.com/nicolargo/glances; Software Link: https://github.com/nicolargo/glances; Version: 4.5.2 and below fixed in 4.5.3; Tested on: Kali Linux 2026.1,...

CVSS 7.8 | AI score 5.8 | EPSS 0.00635
Exploits: 3

SUSE CVE
added 2026/03/25 12:24 a.m. | 2 views

SUSE CVE-2026-32596

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials passwords, API keys,...

CVSS 7.5 | AI score 5.9 | EPSS 0.04747
Exploits: 1 | References: 3

SUSE CVE
added 2026/03/20 12:24 a.m. | 1 views

SUSE CVE-2026-32610

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, the Glances REST API web server ships with a default CORS configuration that sets allow_origins=["*"] combined with allow_credentials=True. When both of these options are enabled together, Starlette's CORSMiddlewa...

CVSS 8.1 | AI score 5.7 | EPSS 0.00055
Exploits: 1 | References: 3

SUSE CVE
added 2026/03/20 12:24 a.m. | 0 views

SUSE CVE-2026-32632

Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent...

CVSS 5.9 | AI score 5.8 | EPSS 0.00028
Exploits: 1 | References: 3

SUSE CVE
added 2026/03/20 12:24 a.m. | 1 views

SUSE CVE-2026-32634

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...

CVSS 8.1 | AI score 5.8 | EPSS 0.00018
Exploits: 1 | References: 3

Snyk
added 2026/03/18 8:49 p.m. | 1 views

Origin Validation Error

Overview: Glances is a cross-platform curses-based monitoring tool. Affected versions of this package are vulnerable to Origin Validation Error in the REST/WebUI FastAPI application due to the lack of host header validation and the absence of an allowlist for trusted hosts. An attacker can gain...

CVSS 6 | AI score 5.8 | EPSS 0.00028
Exploits: 1 | References: 2

Snyk
added 2026/03/18 8:49 p.m. | 1 views

Origin Validation Error

Overview: Glances is a cross-platform curses-based monitoring tool. Affected versions of this package are vulnerable to Origin Validation Error via the Central Browser mode autodiscovery. An attacker can obtain authentication secrets by advertising a malicious Zeroconf service on the same local...

CVSS 8.6 | AI score 5.8 | EPSS 0.00018
Exploits: 1 | References: 2

Snyk
added 2026/03/18 6:52 p.m. | 2 views

Permissive Cross-domain Policy with Untrusted Domains

Overview: Glances is a cross-platform curses-based monitoring tool. Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via the default CORS configuration in the REST API web server, which sets allow_origins to ["*"] and allow_credentials to True. An...

CVSS 8.6 | AI score 5.8 | EPSS 0.00055
Exploits: 1 | References: 2

Snyk
added 2026/03/18 6:52 p.m. | 2 views

SQL Injection

Overview: Glances is a cross-platform curses-based monitoring tool. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL statements in the glancesduckdb. An attacker can execute arbitrary SQL commands or manipulate the database schema by supplying crafted...

CVSS 9.1 | AI score 6.2 | EPSS 0.00018
Exploits: 1 | References: 2

NVD
added 2026/03/18 6:16 p.m. | 1 views

CVE-2026-32633

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the /api/4/serverslist endpoint returns raw server objects from GlancesServersList.getserverslist. Those objects are mutated in-place during background polling and can contain a uri...

CVSS 9.1 | EPSS 0.00103
Exploits: 1 | References: 3

OSV
added 2026/03/18 6:16 p.m. | 0 views

UBUNTU-CVE-2026-32632

Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent...

CVSS 5.9 | AI score 5.9 | EPSS 0.00028
Exploits: 1 | References: 5

CVE
added 2026/03/18 5:53 p.m. | 5 views

CVE-2026-32633

Glances CVE-2026-32633 affects the Glances browser API in Central Browser mode prior to v4.5.2. The /api/4/serverslist endpoint returns in-memory mutated server objects that can include a uri field with embedded HTTP Basic credentials for downstream Glances servers. If the frontend is started wit...

CVSS 9.1 | AI score 5.8 | EPSS 0.00103
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/03/18 5:47 p.m. | 2 views

CVE-2026-32632 Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding

Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent...

CVSS 5.9 | AI score 5.8 | EPSS 0.00028
Exploits: 1 | References: 3

ATTACKERKB
added 2026/03/18 5:47 p.m. | 1 views

CVE-2026-32632

Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent...

CVSS 5.9 | AI score 5.8 | EPSS 0.00028
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2026/03/18 5:47 p.m. | 18 views

CVE-2026-32632 Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding

Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent...

CVSS 5.9 | EPSS 0.00028
Exploits: 1 | References: 3

CVE
added 2026/03/18 5:47 p.m. | 11 views

CVE-2026-32632

Summary of CVE-2026-32632 (Glances): Before version 4.5.2, the REST/WebUI FastAPI app in Glances incorrectly accepted arbitrary Host headers and did not apply a host allowlist (TrustedHostMiddleware or equivalent). This allows DNS rebinding to make the REST API, WebUI, and token endpoint reachab...

CVSS 5.9 | AI score 5.8 | EPSS 0.00028
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2026/03/18 5:16 p.m. | 1 views

UBUNTU-CVE-2026-32610

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, the Glances REST API web server ships with a default CORS configuration that sets allow_origins=["*"] combined with allow_credentials=True. When both of these options are enabled together, Starlette's CORSMiddlewa...

CVSS 8.1 | AI score 5.7 | EPSS 0.00055
Exploits: 1 | References: 5

CVE
added 2026/03/18 4:31 p.m. | 6 views

CVE-2026-32610

Glances before 4.5.2 shipped a REST API with CORS allow_origins=["*"] and allow_credentials=True. When both are set, Starlette CORSMiddleware echoes the request Origin into Access-Control-Allow-Origin, allowing credentialed cross-origin requests to the Glances API. This can enable cross-site acce...

CVSS 8.1 | AI score 5.7 | EPSS 0.00055
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2026/03/18 7:16 a.m. | 4 views

UBUNTU-CVE-2026-32608

Glances is an open-source system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables e.g., name, key that are populated with runtime...

CVSS 7 | AI score 6 | EPSS 0.0001
Exploits: 1 | References: 4

Snyk
added 2026/03/18 6:54 a.m. | 1 views

Information Exposure

Overview: Glances is a cross-platform curses-based monitoring tool. Affected versions of this package are vulnerable to Information Exposure via the web server which runs without authentication by default when started with glances -w. An attacker can access sensitive system information, includin...

CVSS 8.7 | AI score 5.8 | EPSS 0.04747
Exploits: 1 | References: 2