34 matches found

OSV
added 2026/03/18 2:30 p.m., 1 view

CVE-2026-32609 Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials

Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing as_dict_secure redaction. However, the /api/v4/args and /api/v4/args/{item} endpoints were not...

CVSS 7.5, AI score 5.9, EPSS 0.00082
Exploits 1, References 5

Cvelist
added 2026/03/18 2:30 p.m., 24 views

CVE-2026-32609 Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials

Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing as_dict_secure redaction. However, the /api/v4/args and /api/v4/args/{item} endpoints were not...

CVSS 7.5, EPSS 0.00082
Exploits 1, References 3

CVE
added 2026/03/18 2:30 p.m., 12 views

CVE-2026-32609

CVE-2026-32609 (Glances): The primary issue in Glances is incomplete redaction of secrets on API endpoints. The GHSA-gh4x fix redacted credentials on /api/v4/config via as_dict_secure(), but endpoints /api/v4/args and /api/v4/args/{item} still exposed the full command-line namespace (vars(self.arg...

CVSS 7.5, AI score 5.8, EPSS 0.00082
Exploits 1, References 3, Affected Software 1

OSV
added 2026/03/16 4:26 p.m., 2 views

GHSA-CVWP-R2G2-J824 Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials

Summary: The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing as_dict_secure redaction. However, the /api/v4/args and /api/v4/args/{item} endpoints were not addressed by this fix. These endpoints return the complete...

CVSS 7.5, AI score 5.8, EPSS 0.00082
Exploits 1, References 5

GitHub Security Blog
added 2026/03/16 4:26 p.m., 3 views

Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials

Summary: The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing as_dict_secure redaction. However, the /api/v4/args and /api/v4/args/{item} endpoints were not addressed by this fix. These endpoints return the complete...

CVSS 7.5, AI score 5.8, EPSS 0.00082
Exploits 1, References 5, Affected Software 1

RedhatCVE
added 2026/01/09 12:41 p.m., 4 views

CVE-2023-25413

Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Telnet and SNMP credentials...

CVSS 7.5, AI score 7, EPSS 0.0031
Exploits 1, References 1

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-12947

Malware in sbrugna...

CVSS 9.8, AI score 9.5, EPSS 0.01378
Exploits 1, References 3

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-39025

Malicious code in bioql PyPI...

CVSS 9.1, AI score 9.1, EPSS 0.00261
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-46756

Malicious code in bioql PyPI...

CVSS 4.5, AI score 5.2, EPSS 0.00112
Exploits 0, References 1

EUVD
added 2025/10/03 8:7 p.m., 0 views

EUVD-2022-39024

Malicious code in bioql PyPI...

CVSS 6.8, AI score 6.7, EPSS 0.00139
Exploits 0, References 2

NVD
added 2025/09/24 6:15 p.m., 4 views

CVE-2025-20352

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low privileges could cause a denial of service (DoS) condition on an affected device that is running Cisco IOS...

CVSS 7.7, EPSS 0.04199
Exploits 1, References 2

RedhatCVE
added 2025/05/23 9:19 a.m., 18 views

CVE-2024-5557

CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller logs...

CVSS 4.5, AI score 6.8, EPSS 0.00112
Exploits 0, References 1

RedhatCVE
added 2025/05/22 11:11 p.m., 4 views

CVE-2022-36307

The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models...

CVSS 6.8, AI score 7, EPSS 0.00139
Exploits 0, References 1

RedhatCVE
added 2025/05/22 9:54 p.m., 3 views

CVE-2022-36308

Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may...

CVSS 9.1, AI score 6.9, EPSS 0.00261
Exploits 0, References 1

Tenable Nessus
added 2025/03/05 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-24810

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malform...

CVSS 8.8, AI score 6.9, EPSS 0.00143
Exploits 0, References 2

Vulnrichment
added 2025/02/05 4:37 p.m., 4 views

CVE-2025-20172

A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker...

CVSS 7.7, AI score 7.5, EPSS 0.00301
Exploits 0, References 1

OSV
added 2024/10/01 3:15 p.m., 0 views

CVE-2024-25658

Cleartext storage of passwords in Infinera TNMS (Transcend Network Management System) Server 19.10.3 allows attackers with access to the database or exported configuration files to obtain SNMP users' usernames and passwords in cleartext...

CVSS 6.5, AI score 5.8, EPSS 0.00162
Exploits 0, References 1

CNVD
added 2024/06/18 12:0 a.m., 24 views

Schneider Electric SpaceLogic AS-P/AS-B Log Message Disclosure Vulnerability

The Schneider Electric SpaceLogic AS-P is an automation server from Schneider Electric France. The Schneider Electric SpaceLogic AS-P/AS-B suffers from a log message disclosure vulnerability that can be exploited by an attacker to cause SNMP credentials to be exposed...

CVSS 4.5, AI score 6.6, EPSS 0.00112
Exploits 0, References 1

NVD
added 2024/06/12 5:15 p.m., 15 views

CVE-2024-5557

CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller logs...

CVSS 4.5, EPSS 0.00112
Exploits 0, References 1

OSV
added 2024/06/12 5:15 p.m., 2 views

CVE-2024-5557

CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller logs...

CVSS 4.5, AI score 5.8, EPSS 0.00112
Exploits 0, References 1