5 matches found
CVE-2026-32608 Glances has a Command Injection via Process Names in Action Command Templates
Glances is an open-source, cross-platform system monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables (e.g., name, key) that are populated with runtime...
CVE-2026-32608
Glances CVE-2026-32608 describes a local command-injection in the action system. Before 4.5.2, Mustache-rendered values such as process names, mount points, or container names could contain shell metacharacters that are not safely handled by secure_popen(), causing unintended command splitting. A...
GHSA-VCV2-Q258-WRG7 Glances has a Command Injection via Process Names in Action Command Templates
Summary: The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables (e.g., name, key) that are populated with runtime monitoring data. The secure_popen function, which executes...
EUVD-2023-28555
Malicious code in bioql PyPI...
AZL-26614 CVE-2023-24539 affecting package golang for versions less than 1.20.7-1
Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input...