VIR Vulnerability Intelligence Relay

Package impact

python PyPI / glances

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-30930 critical 9.8 9.8 3mo ago Glances has SQL Injection via Process Names in TimescaleDB Export debianpython
CVE-2026-34839 high 8.0 1mo ago Glances: Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS debianpython
CVE-2021-23418 medium 5.5 5y ago The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks. archdebianpython
CVE-2026-35588 unknown 1mo ago Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values debianpython
CVE-2026-35587 unknown 1mo ago Glances has SSRF in IP Plugin via public_api leading to credential leakage debianpython
CVE-2026-33641 unknown 2mo ago Glances Vulnerable to Command Injection via Dynamic Configuration Values debianpython
CVE-2026-33533 unknown 2mo ago Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server (activated with glances -s or glances --server) sends Access-Control-Allow-Origin: … debianpython
CVE-2026-32634 unknown 2mo ago Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers debianpython
CVE-2026-32633 unknown 2mo ago Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist` debianpython
CVE-2026-32632 unknown 2mo ago Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding debianpython
CVE-2026-32611 unknown 2mo ago Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix (commit 39161f0) addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use pa… debianpython
CVE-2026-32610 unknown 2mo ago Glances's Default CORS Configuration Allows Cross-Origin Credential Theft debianpython
CVE-2026-32609 unknown 2mo ago Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials debianpython
CVE-2026-32608 unknown 2mo ago Glances has a Command Injection via Process Names in Action Command Templates debianpython
CVE-2026-32596 unknown 2mo ago Glances exposes the REST API without authentication debianpython
CVE-2026-30928 unknown 3mo ago Glances Exposes Unauthenticated Configuration Secrets debianpython