| Severity | Score | CVE | Title | Affected range |
|---|---|---|---|---|
| CRITICAL | 9.8 | CVE-2026-30930 | Glances has SQL Injection via Process Names in TimescaleDB Export | from 0, < 4.5.1 |
| CRITICAL | 9.1 | CVE-2026-32633 | Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist` | from 0, < 4.5.2 |
| HIGH | 8.8 | CVE-2026-35587 | Glances has SSRF in IP Plugin via public_api leading to credential leakage | from 0, < 4.5.4 |
| HIGH | 8.1 | | Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers | from 0, < 4.5.2 |
| HIGH | 8.1 | | Glances's Default CORS Configuration Allows Cross-Origin Credential Theft | from 0, < 4.5.2 |
| HIGH | 7.8 | | Glances Vulnerable to Command Injection via Dynamic Configuration Values | from 0, < 4.5.3 |
| HIGH | 7.5 | | Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials | from 0, < 4.5.2 |
| HIGH | 7.5 | | Glances exposes the REST API without authentication | from 0, < 4.5.2 |
| HIGH | 7.5 | | Glances Exposes Unauthenticated Configuration Secrets | from 0, < 4.5.1 |
| HIGH | 7.0 | | Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements | from 0, < 4.5.2 |
| HIGH | 7.0 | | Glances has a Command Injection via Process Names in Action Command Templates | from 0, < 4.5.2 |
| MEDIUM | 6.5 | | Glances: Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS | from 0, < 4.5.4 |
| MEDIUM | 6.5 | | Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard | from 0, < 4.5.3 |
| MEDIUM | 6.3 | | Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values | from 0, < 4.5.4 |
| MEDIUM | 6.3 | | XML External Entity Reference in Glances | from 0, < 85d5a6b4af31fcf785d5a61086cbbd166b40b07a, < 9d6051be4a42f692392049fdbfc85d5dfa458b32, < 4b87e979afdc06d98ed1b48da31e69eaa3a9fb94 \| from 0, < 3.2.1 |
| MEDIUM | 6.3 | | XML External Entity Reference in Glances | from 0, < 3.2.1 |
| MEDIUM | 5.9 | | Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding | from 0, < 4.5.2 |