
295 matches found

Nuclei
added 16 hours ago | 10 views

Glances - Information Disclosure

Glances 4.5.2 contains an information disclosure vulnerability caused by the web server running without authentication by default, letting remote attackers access sensitive system information including credentials; exploitation requires no special privileges. id: CVE-2026-32596 info: name: Glances -...

CVSS 8.7 | AI score 7.3 | EPSS 0.04065
Exploits: 1 | References: 2
Nuclei
added 16 hours ago | 5 views

Glances - Information Disclosure

Glances 4.5.1 contains an information disclosure vulnerability caused by unfiltered exposure of sensitive configuration data via the /api/4/config REST API endpoint, letting remote attackers access credentials; exploitation requires API access. id: CVE-2026-30928 info: name: Glances - Information...

CVSS 8.7 | AI score 7.3 | EPSS 0.0667
Exploits: 1 | References: 2
Exploit DB
added 2026/05/13 12:0 a.m. | 48 views

glances 4.5.2 - command injection

#!/usr/bin/env python3 Exploit Title: glances 4.5.2 - command injection Date: 2026-04-09 Exploit Author: Stepanov Daniil Vendor Homepage: https://github.com/nicolargo/glances Software Link: https://github.com/nicolargo/glances Version: 4.5.2 and below fixed in 4.5.3 Tested on: Kali Linux 2026.1,...

CVSS 7.8 | AI score 5.8 | EPSS 0.00635
Exploits: 3
Packet Storm
added 2026/05/13 12:0 a.m. | 29 views

📄 Glances 4.5.2 Command Injection

Glances version 4.5.2 suffers from a command injection vulnerability. #!/usr/bin/env python3 Exploit Title: glances 4.5.2 - command injection Date: 2026-04-09 Exploit Author: Stepanov Daniil Vendor Homepage: https://github.com/nicolargo/glances Software Link: https://github.com/nicolargo/glances...

CVSS 7.8 | AI score 5.8 | EPSS 0.00635
Exploits: 3
Veracode
added 2026/04/25 5:40 a.m. | 7 views

Cross-origin Data Exfiltration

Glances is vulnerable to Cross-origin Data Exfiltration. The vulnerability is due to the REST API /api/4/ being exposed without authentication and configured with a permissive CORS policy Access-Control-Allow-Origin: *, allowing malicious websites to access and exfiltrate sensitive system...

CVSS 8.7 | AI score 5.8 | EPSS 0.00033
Exploits: 1 | References: 3 | Affected Software: 1
Veracode
added 2026/04/25 5:39 a.m. | 5 views

Server-Side Request Forgery

Glances is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of the public_api configuration parameter in the IP plugin, where attacker-controlled URLs are used directly in outbound HTTP requests without scheme or hostname restrictions, allowing...

CVSS 8.8 | AI score 5.8 | EPSS 0.0002
Exploits: 1 | References: 3 | Affected Software: 1
SUSE CVE
added 2026/04/22 1:37 a.m. | 4 views

SUSE CVE-2026-34839

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances web server exposes a REST API /api/4/ that is accessible without authentication and allows cross-origin requests from any origin due to a permissive CORS policy Access-Control-Allow-Origin: *. This...

CVSS 8.7 | AI score 5.8 | EPSS 0.00033
Exploits: 1 | References: 3
SUSE CVE
added 2026/04/22 1:37 a.m. | 6 views

SUSE CVE-2026-35587

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery (SSRF) vulnerability exists in the Glances IP plugin due to improper validation of the public_api configuration parameter. The value of public_api is used directly in outbound HTTP...

CVSS 8.8 | AI score 5.9 | EPSS 0.0002
Exploits: 1 | References: 3
SUSE CVE
added 2026/04/22 1:37 a.m. | 5 views

SUSE CVE-2026-35588

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module glances/exports/glancescassandra/init.py interpolates keyspace, table, and replicationfactor configuration values directly into CQL statements without validation. A user with write...

CVSS 6.3 | AI score 5.7 | EPSS 0.00013
Exploits: 1 | References: 3
Tenable Nessus
added 2026/04/22 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-34839

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances web server exposes a REST API /api/4/ that is accessible...

CVSS 8.7 | AI score 5.8 | EPSS 0.00033
Exploits: 1 | References: 3
Tenable Nessus
added 2026/04/22 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-35587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery (SSRF) vulnerability exists in the Glances ...

CVSS 8.8 | AI score 6 | EPSS 0.0002
Exploits: 1 | References: 3
OSV
added 2026/04/22 12:0 a.m. | 3 views

OPENSUSE-SU-2026:10602-1 glances-common-4.5.4-1.1 on GA media

These are all security issues fixed in the glances-common-4.5.4-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8.8 | AI score 5.8 | EPSS 0.00033
Exploits: 3 | References: 3
Tenable Nessus
added 2026/04/22 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-35588

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module glances/exports/glancescassandra/init.py...

CVSS 6.3 | AI score 5.8 | EPSS 0.00013
Exploits: 1 | References: 3
OSV
added 2026/04/21 3:18 p.m. | 2 views

GHSA-GRP3-H8M8-45P7 Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values

Summary The Cassandra export module glances/exports/glancescassandra/init.py interpolates keyspace, table, and replicationfactor configuration values directly into CQL statements without validation. A user with write access to glances.conf can redirect all monitoring data to an attacker-controlle...

CVSS 6.3 | AI score 5.8 | EPSS 0.00013
Exploits: 1 | References: 5
EUVD
added 2026/04/21 3:18 p.m. | 2 views

EUVD-2026-23992

Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values...

CVSS 6.3 | AI score 5.8 | EPSS 0.00013
Exploits: 1 | References: 4
Snyk
added 2026/04/21 3:18 p.m. | 2 views

SQL Injection

Overview: Glances is a cross-platform curses-based monitoring tool. Affected versions of this package are vulnerable to SQL Injection via unsanitized configuration values in the Cassandra export module. An attacker can redirect monitoring data to an unauthorized Cassandra keyspace and exfiltrate...

CVSS 8.3 | AI score 5.8 | EPSS 0.00013
Exploits: 1 | References: 2
vulnersOsv
added 2026/04/21 3:18 p.m. | 4 views

croparray (>=0.1.0 <=0.1.1) potentially affected by CVE-2026-35588 via glances (=3.2.7)

glances PYPI version =3.2.7 is affected by a known vulnerability. The following packages have a transitive dependency on glances and may be impacted: - croparray =0.1.0, =0.1.1 Source cves: CVE-2026-35588 Source advisory: OSV:GHSA-GRP3-H8M8-45P7...

CVSS 6.3 | AI score 5.8 | EPSS 0.00013
Exploits: 1
Snyk
added 2026/04/21 3:17 p.m. | 2 views

Server-side Request Forgery (SSRF)

Overview: Glances is a cross-platform curses-based monitoring tool. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the public_api configuration parameter of the IP plugin. An attacker can cause the application to send unauthorized HTTP requests to arbitrar...

CVSS 8.8 | AI score 5.5 | EPSS 0.0002
Exploits: 1 | References: 2
EUVD
added 2026/04/21 3:17 p.m. | 4 views

EUVD-2026-23990

Glances has SSRF in IP Plugin via public_api leading to credential leakage...

CVSS 8.6 | AI score 5.7 | EPSS 0.0002
Exploits: 1 | References: 4
Github Security Blog
added 2026/04/21 3:17 p.m. | 8 views

Glances has SSRF in IP Plugin via public_api leading to credential leakage

Summary: A Server-Side Request Forgery (SSRF) vulnerability exists in the Glances IP plugin due to improper validation of the public_api configuration parameter. The value of public_api is used directly in outbound HTTP requests without any scheme restriction or hostname/IP validation. An attacker who...

CVSS 8.8 | AI score 5.9 | EPSS 0.0002
Exploits: 1 | References: 5 | Affected Software: 1