CVE-2026-34839

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances web server exposes a REST API /api/4/ that is accessible without authentication and allows cross-origin requests from any origin due to a permissive CORS policy Access-Control-Allow-Origin: . This...

Linux Distros Unpatched Vulnerability : CVE-2026-33533

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML- RPC server activated with glances -s or glances --serv...

Cross-Origin Data Theft

Glances is vulnerable to Cross-Origin Data Theft via XML-RPC Server CORS Misconfiguration. The vulnerability is due to the XML-RPC handler not validating the Content-Type header, where an attacker-controlled webpage can issue a CORS simple request containing a valid XML-RPC payload, and the serve...

CVE-2026-33533

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an...

CVE-2026-33641

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...

CVE-2026-33533

Glances prior to 4.5.3 exposes a Cross‑Origin Resource Sharing (CORS) weakness in its XML‑RPC server (enabled with glances -s/--server). The XML‑RPC handler does not validate Content‑Type, allowing an attacker‑controlled page to issue a CORS simple request (POST, Content‑Type: text/plain) that ca...

[SECURITY] Fedora 44 Update: rust-resctl-bench-2.2.5-12.fc44

resctl-bench is a collection of whole-system benchmarks to evaluate resource control and hardware behaviors using realistic simulated workloads. Comprehensive resource control involves the whole system. Furthermore, testing resource control end-to-end requires scenarios involving realistic...

CVE-2026-32633

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the /api/4/serverslist endpoint returns raw server objects from GlancesServersList.getserverslist. Those objects are mutated in-place during background polling and can contain a uri...

CVE-2026-32632

Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent...

CVE-2026-32609

Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing asdictsecure redaction. However, the /api/v4/args and /api/v4/args/item endpoints were not...

CVE-2026-32608

Glances is an open-source system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables e.g., name, key that are populated with runtime...

CVE-2026-32596

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials passwords, API keys,...

CVE-2026-32608

Glances is an open-source system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables e.g., name, key that are populated with runtime...

CVE-2026-32596

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials passwords, API keys,...

A single post-release of dydx-v4-client contained obfuscated multi-stage loader

A PyPI user account compromised by an attacker and was able to upload a malicious version 1.1.5.post1 of the dydx-v4-client package. This version contains a highly obfuscated multi-stage loader that ultimately executes malicious code on the host system. While the final payload is not visible...

Balancing Security and Privacy: The Pivotal Role of AI in Modern Healthcare Systems

As digital threats continue to grow, organizations must find ways to enhance security while protecting user privacy. This paper explores how artificial intelligence AI plays a crucial role in achieving this balance. AI technologies can improve security by detecting threats, monitoring systems, an...

Centreon 安全漏洞

Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. Centreon suffers from a command injection vulnerability that stems from the application's failure to...

EUVD-1999-0528

Malware in sbrugna...

EUVD-2020-22428

Malware in sbrugna...

EUVD-2020-12545

Malware in sbrugna...