Lucene search
K

356 matches found

Nuclei
Nuclei
added 13 hours ago29 views

Glances - Information Disclosure

Glances 4.5.2 contains an information disclosure vulnerability caused by the web server running without authentication by default, letting remote attackers access sensitive system information including credentials, exploit requires no special privileges. id: CVE-2026-32596 info: name: Glances -...

8.7CVSS7AI score0.0155EPSS
Exploits1References2
Nuclei
Nuclei
added 13 hours ago13 views

Glances - Information Disclosure

Glances 4.5.1 contains an information disclosure vulnerability caused by unfiltered exposure of sensitive configuration data via the /api/4/config REST API endpoint, letting remote attackers access credentials, exploit requires API access. id: CVE-2026-30928 info: name: Glances - Information...

8.7CVSS7AI score0.01657EPSS
Exploits1References2
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-343 Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`

Summary In Central Browser mode, the /api/4/serverslist endpoint returns raw server objects from GlancesServersList.getserverslist. Those objects are mutated in-place during background polling and can contain a uri field with embedded HTTP Basic credentials for downstream Glances servers, using t...

9.1CVSS5.8AI score0.00472EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/06/26 7:19 a.m.8 views

CVE-2026-46611

A vulnerability in the Glances XML-RPC server fails to properly validate HTTP Host headers, enabling DNS rebinding attacks. If a user is tricked into visiting a malicious website, a remote attacker can exploit this flaw to exfiltrate sensitive system monitoring data. Mitigation The XML-RPC server...

5.3CVSS5.8AI score0.00156EPSS
Exploits0References5
NVD
NVD
added 2026/06/25 7:16 p.m.10 views

CVE-2026-53925

Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file...

7.8CVSS0.00184EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 7:16 p.m.9 views

CVE-2026-46608

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin:...

7.4CVSS0.00401EPSS
Exploits1References2
NVD
NVD
added 2026/06/25 7:16 p.m.8 views

CVE-2026-46611

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the...

5.3CVSS0.00156EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 7:16 p.m.9 views

CVE-2026-46606

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by securepopen...

7.8CVSS0.00213EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 7:16 p.m.9 views

CVE-2026-46607

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load to read a version-check cache file stored at a predictable, world-accessible path /.cache/glances/glances-version.db or $XDGCACHEHOME/glances/glances-version.db. No integrity chec...

7.8CVSS0.00303EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 7:16 p.m.3 views

UBUNTU-CVE-2026-46611

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the...

5.3CVSS5.8AI score0.00156EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 7:16 p.m.3 views

UBUNTU-CVE-2026-53925

Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file...

7.8CVSS6AI score0.00184EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 7:16 p.m.4 views

UBUNTU-CVE-2026-46606

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by securepopen...

7.8CVSS6AI score0.00213EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 7:16 p.m.3 views

UBUNTU-CVE-2026-46607

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load to read a version-check cache file stored at a predictable, world-accessible path /.cache/glances/glances-version.db or $XDGCACHEHOME/glances/glances-version.db. No integrity chec...

7.8CVSS6.4AI score0.00303EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 7:16 p.m.3 views

UBUNTU-CVE-2026-46608

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin:...

7.4CVSS5.8AI score0.00401EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/25 6:5 p.m.4 views

CVE-2026-46608 Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incomplete Fix for CVE-2026-33533)

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin:...

7.4CVSS5.8AI score0.00409EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/06/25 6:5 p.m.5 views

CVE-2026-46608

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin:...

7.4CVSS5.9AI score0.00401EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/06/25 6:5 p.m.6 views

CVE-2026-46608

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin:...

7.4CVSS5.9AI score0.00401EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/06/25 6:5 p.m.33 views

CVE-2026-46608

CVE-2026-46608 concerns Glances XML-RPC server (glances -s) where a multi-origin CORS configuration intended to restrict browser access silently falls back to a wildcard when cors_origins has two or more entries. The issue arises from server-side logic that sets Access-Control-Allow-Origin to the...

7.4CVSS5.9AI score0.00409EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/25 6:5 p.m.40 views

CVE-2026-46608 Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incomplete Fix for CVE-2026-33533)

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin:...

7.4CVSS0.00401EPSS
Exploits1References2
OSV
OSV
added 2026/06/25 6:5 p.m.4 views

CVE-2026-46608 Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incomplete Fix for CVE-2026-33533)

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin:...

7.4CVSS6AI score0.00401EPSS
Exploits1References4
Rows per page
Query Builder