pkg:Debian/glances

All known vulnerabilities

• CRITICAL9.8CVE-2026-30930Glances has SQL Injection via Process Names in TimescaleDB Export
  from 0, < 4.5.1+dfsg-1
• CRITICAL9.1CVE-2026-32633Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`
  from 0
• HIGH8.8CVE-2026-35587Glances has SSRF in IP Plugin via public_api leading to credential leakage
  from 0
• HIGH8.1CVE-2026-32634Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers
  from 0
• HIGH8.1CVE-2026-32610Glances's Default CORS Configuration Allows Cross-Origin Credential Theft
  from 0
• HIGH7.8CVE-2026-33641Glances Vulnerable to Command Injection via Dynamic Configuration Values
  from 0
• HIGH7.5CVE-2026-32609Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials
  from 0
• HIGH7.5CVE-2026-32596Glances exposes the REST API without authentication
  from 0
• HIGH7.5CVE-2026-30928Glances Exposes Unauthenticated Configuration Secrets
  from 0
• HIGH7.0CVE-2026-32611Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements
  from 0
• HIGH7.0CVE-2026-32608Glances has a Command Injection via Process Names in Action Command Templates
  from 0
• MEDIUM6.5CVE-2026-34839Glances: Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS
  from 0
• MEDIUM6.5CVE-2026-33533Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard
  from 0
• MEDIUM6.3CVE-2026-35588Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values
  from 0
• MEDIUM6.3CVE-2021-23418XML External Entity Reference in Glances
  from 0, < 3.2.3.1+dfsg-1
• MEDIUM5.9CVE-2026-32632Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding
  from 0