Lucene search

22 matches found

Vulnrichment
added 2026/03/18 6:3 a.m., 2 views

CVE-2026-32608 Glances has a Command Injection via Process Names in Action Command Templates

Glances is an open-source system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables (e.g., name, key) that are populated with runtime...

CVSS 7, AI score 6.1, EPSS 0.0001
Exploits 1, References 3
OSV
added 2026/03/18 6:3 a.m., 1 views

CVE-2026-32608 Glances has a Command Injection via Process Names in Action Command Templates

Glances is an open-source system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables (e.g., name, key) that are populated with runtime...

CVSS 7, AI score 6.1, EPSS 0.0001
Exploits 1, References 5
Cvelist
added 2026/03/18 6:3 a.m., 26 views

CVE-2026-32608 Glances has a Command Injection via Process Names in Action Command Templates

Glances is an open-source system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables (e.g., name, key) that are populated with runtime...

CVSS 7, EPSS 0.0001
Exploits 1, References 3
CVE
added 2026/03/18 6:3 a.m., 7 views

CVE-2026-32608

Glances CVE-2026-32608 describes a local command-injection in the action system. Before 4.5.2, Mustache-rendered values such as process names, mount points, or container names could contain shell metacharacters that are not safely handled by secure_popen(), causing unintended command splitting. A...

CVSS 7, AI score 6.1, EPSS 0.0001
Exploits 1, References 3, Affected Software 1
Github Security Blog
added 2026/03/16 4:26 p.m., 5 views

Glances has a Command Injection via Process Names in Action Command Templates

Summary: The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables (e.g., name, key) that are populated with runtime monitoring data. The secure_popen function, which executes...

CVSS 7, AI score 6.3, EPSS 0.0001
Exploits 1, References 5, Affected Software 1
Vulnrichment
added 2026/03/10 4:16 p.m., 0 views

CVE-2026-30930 Glances has SQL Injection via Process Names in TimescaleDB Export

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

CVSS 8.6, AI score 5.8, EPSS 0.00034
Exploits 1, References 3
OSV
added 2026/03/10 4:16 p.m., 0 views

CVE-2026-30930 Glances has SQL Injection via Process Names in TimescaleDB Export

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

CVSS 8.6, AI score 5.8, EPSS 0.00034
Exploits 1, References 5
Debian CVE
added 2026/03/10 4:16 p.m., 1 views

CVE-2026-30930

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

CVSS 9.8, AI score 5.7, EPSS 0.00034
Exploits 1
Positive Technologies
added 2026/01/01 12:0 a.m., 2 views

PT-2026-25846

Name of the Vulnerable Software and Affected Versions: Glances versions prior to 4.5.2. Description: Glances is a system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands...

CVSS 7, AI score 6.1, EPSS 0.0001
Exploits 1, References 25
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2008-5055

Malware in sbrugna...

CVSS 4.6, AI score 6.1, EPSS 0.00067
Exploits 1, References 8
SUSE CVE
added 2025/10/02 11:23 p.m., 1 views

SUSE CVE-2025-54288

Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the...

CVSS 6.8, AI score 6.9, EPSS 0.00059
Exploits 1, References 3
OSV
added 2025/10/02 10:15 a.m., 1 views

DEBIAN-CVE-2025-54288

Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the...

CVSS 6.8, AI score 5.3, EPSS 0.00059
Exploits 1, References 1
Debian CVE
added 2025/10/02 9:20 a.m., 5 views

CVE-2025-54288

Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the...

CVSS 6.8, AI score 5.2, EPSS 0.00059
Exploits 1
AlpineLinux
added 2025/10/02 9:20 a.m., 3 views

CVE-2025-54288

Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the...

CVSS 6.8, AI score 6.5, EPSS 0.00059
Exploits 1
Tenable Nessus
added 2024/08/08 12:0 a.m., 33 views

Ubuntu 16.04 LTS / 18.04 LTS : Salt vulnerabilities (USN-6948-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6948-1 advisory. It was discovered that Salt incorrectly handled crafted web requests. A remote attacker could possibly use this issue to run arbitrary...

CVSS 9.8, AI score 7.5, EPSS 0.94387
Exploits 13, References 13
Malwarebytes
added 2024/05/30 4:33 p.m., 22 views

Beware of scammers impersonating Malwarebytes

Scammers love to bank on the good name of legitimate companies to gain the trust of their intended targets. Recently, it came to our attention that a cybercriminal is using fake websites for security products to spread malware. One of those websites was impersonating the Malwarebytes brand. Image...

AI score 7.3
Exploits 0
SUSE CVE
added 2023/02/15 6:6 a.m., 1 views

SUSE CVE-2008-5076

htop 0.7 writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via a process name with "crazy control strings."...

CVSS 4.6, AI score 7.1, EPSS 0.00067
Exploits 1, References 4
n0where
added 2018/07/10 6:24 p.m., 30 views

Query Windows Machine for RAM Artifacts: memtriage

Allows you to quickly query a live Windows machine for RAM artifacts. This tool utilizes the Winpmem drivers to access physical memory, and Volatility for analysis. Caveats: Doesn’t work with Device Guard enabled. Should be tested on machines before deploying. Example Usage usage: memtriage.exe -...

AI score 6.9
Exploits 0, References 3
OSV
added 2008/11/14 6:9 p.m., 1 views

DEBIAN-CVE-2008-5076

htop 0.7 writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via a process name with "crazy control strings."...

CVSS 4.6, AI score 6.8, EPSS 0.00067
Exploits 1, References 1
Debian CVE
added 2008/11/14 6:0 p.m., 17 views

CVE-2008-5076

htop 0.7 writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via a process name with "crazy control strings."...

CVSS 4.6, AI score 6.6, EPSS 0.00067
Exploits 1