
32 matches found

Nuclei
added 9 hours ago, 64 views

Vitest Browser Mode - Local File Read

Vitest is a testing framework powered by Vite. The screenshot-error handler on the browser mode HTTP server responds with any file on the file system. Especially if the server is exposed on the network by browser.api.host: true, an attacker can send a request to that handler from remote to get th...

CVSS 7.5, AI score 7.4, EPSS 0.23641
Exploits: 0, References: 6

OSV
added 3 days ago, 5 views

GHSA-2H32-95RG-CPPP Vitest browser mode serves unsanitized otelCarrier query parameter as inline script

Summary: Vitest browser mode served /vitesttest/ with the otelCarrier query parameter inserted directly into an inline module script. Because this value was treated as JavaScript source rather than data, an attacker could craft a browser-runner URL that executes arbitrary JavaScript in the Vitest...

CVSS 9.6, AI score 6.1
Exploits: 0, References: 4

Github Security Blog
added 3 days ago, 11 views

Vitest browser mode serves unsanitized otelCarrier query parameter as inline script

Summary: Vitest browser mode served /vitesttest/ with the otelCarrier query parameter inserted directly into an inline module script. Because this value was treated as JavaScript source rather than data, an attacker could craft a browser-runner URL that executes arbitrary JavaScript in the Vitest...

AI score 6.1
Exploits: 0, References: 4, Affected Software: 1

Positive Technologies
added 3 days ago, 7 views

PT-2026-45491

Summary: Vitest browser mode served / vitest test / with the otelCarrier query parameter inserted directly into an inline module script. Because this value was treated as JavaScript source rather than data, an attacker could craft a browser-runner URL that executes arbitrary JavaScript in the Vite...

CVSS 9.6, AI score 6.1
Exploits: 0, References: 5

VulnCheck KEV
added 2026/04/30 12:00 a.m., 6 views

VulnCheck KEV: CVE-2025-24963

Vitest is a testing framework powered by Vite. The screenshot-error handler on the browser mode HTTP server responds with any file on the file system. Especially if the server is exposed on the network by browser.api.host: true, an attacker can send a request to that handler from remote to get th...

CVSS 7.5, AI score 5.7, EPSS 0.23641
In wild, Exploits: 0, References: 2

SUSE CVE
added 2026/03/20 12:24 a.m., 1 view

SUSE CVE-2026-32634

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...

CVSS 8.1, AI score 5.8, EPSS 0.00018
Exploits: 1, References: 3

Snyk
added 2026/03/18 8:49 p.m., 1 view

Origin Validation Error

Overview: Glances is a cross-platform curses-based monitoring tool. Affected versions of this package are vulnerable to Origin Validation Error via the Central Browser mode autodiscovery. An attacker can obtain authentication secrets by advertising a malicious Zeroconf service on the same local...

CVSS 8.6, AI score 5.8, EPSS 0.00018
Exploits: 1, References: 2

Snyk
added 2026/03/18 8:49 p.m., 1 view

Information Exposure

Overview: Glances is a cross-platform curses-based monitoring tool. Affected versions of this package are vulnerable to Information Exposure via the /api/4/serverslist endpoint in Central Browser mode. An attacker can obtain reusable credentials for downstream servers by accessing unauthenticate...

CVSS 9.3, AI score 5.8, EPSS 0.00103
Exploits: 1, References: 2

NVD
added 2026/03/18 6:16 p.m., 1 view

CVE-2026-32633

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the /api/4/serverslist endpoint returns raw server objects from GlancesServersList.getserverslist. Those objects are mutated in-place during background polling and can contain a uri...

CVSS 9.1, EPSS 0.00103
Exploits: 1, References: 3

OSV
added 2026/03/18 6:16 p.m., 2 views

UBUNTU-CVE-2026-32633

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the /api/4/serverslist endpoint returns raw server objects from GlancesServersList.getserverslist. Those objects are mutated in-place during background polling and can contain a uri...

CVSS 9.1, AI score 5.8, EPSS 0.00103
Exploits: 1, References: 5

OSV
added 2026/03/18 6:16 p.m., 1 view

UBUNTU-CVE-2026-32634

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...

CVSS 8.1, AI score 5.8, EPSS 0.00018
Exploits: 1, References: 5

OSV
added 2026/03/18 5:55 p.m., 3 views

CVE-2026-32634 Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...

CVSS 8.1, AI score 5.9, EPSS 0.00018
Exploits: 1, References: 5

ATTACKERKB
added 2026/03/18 5:55 p.m., 1 view

CVE-2026-32634

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...

CVSS 8.1, AI score 5.8, EPSS 0.00018
Exploits: 1, References: 4, Affected Software: 1

CVE
added 2026/03/18 5:53 p.m., 5 views

CVE-2026-32633

Glances CVE-2026-32633 affects the Glances browser API in Central Browser mode prior to v4.5.2. The /api/4/serverslist endpoint returns in-memory mutated server objects that can include a uri field with embedded HTTP Basic credentials for downstream Glances servers. If the frontend is started wit...

CVSS 9.1, AI score 5.8, EPSS 0.00103
Exploits: 1, References: 3, Affected Software: 1

AlpineLinux
added 2026/03/18 5:53 p.m., 1 view

CVE-2026-32633

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the /api/4/serverslist endpoint returns raw server objects from GlancesServersList.getserverslist. Those objects are mutated in-place during background polling and can contain a uri...

CVSS 9.1, AI score 5.8, EPSS 0.00103
Exploits: 1, References: 3

CNNVD
added 2026/03/18 12:00 a.m., 2 views

glances security vulnerability

Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.2 contained security vulnerabilities. These vulnerabilities stemmed from the use of untrusted advertisement names to construct connection URIs and retrieve keys under the Central Browser mode. This...

CVSS 8.1, AI score 5.8, EPSS 0.00018
Exploits: 1, References: 4

Tenable Nessus
added 2026/03/18 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-32633

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the /api/4/serverslist endpoint returns raw...

CVSS 9.1, AI score 5.8, EPSS 0.00103
Exploits: 1, References: 3

CNNVD
added 2026/03/18 12:00 a.m., 4 views

glances security vulnerability

Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.2 contained security vulnerabilities. These vulnerabilities stemmed from the Central Browser mode, where the /api/4/serverslist endpoint returned server objects without authentication, containing...

CVSS 9.1, AI score 5.8, EPSS 0.00103
Exploits: 1, References: 4

Positive Technologies
added 2026/01/01 12:00 a.m., 2 views

PT-2026-25820

Name of the Vulnerable Software and Affected Versions: Glances versions prior to 4.5.2. Description: Glances, an open-source system cross-platform monitoring tool, contains a critical issue in its Central Browser mode. The /api/4/serverslist endpoint returns raw server objects that can contain...

CVSS 9.1, AI score 5.8, EPSS 0.00103
Exploits: 1, References: 32

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-17338

Malware in sbrugna...

CVSS 7.8, AI score 7.7, EPSS 0.00617
Exploits: 0, References: 2