nicolargo
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting nicolargo.
- CVE-2026-46608Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incomplete Fix for CVE-2026-33533)7.4
- CVE-2026-46607Glances: Insecure Pickle Deserialization in Version Cache Leads to Arbitrary Code Execution7.8
- CVE-2026-53925Glances: Arbitrary file write and command execution via `secure_popen` redirection and chaining operators in AMP command configuration7.8
- CVE-2026-46606Glances: Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py7.8
- CVE-2026-46611Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack5.3
- CVE-2026-35588Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values6.3
- CVE-2026-35587Glances IP Plugin has SSRF via public_api that leads to credential leakage8.8
- CVE-2026-34839Glances Vulnerable to Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS6.5
- CVE-2026-33641Glances Vulnerable to Command Injection via Dynamic Configuration Values7.8
- CVE-2026-33533Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard6.5
- CVE-2026-32634Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers8.1
- CVE-2026-32633Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`9.1
- CVE-2026-32632Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding5.9
- CVE-2026-32611Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements7.0
- CVE-2026-32610Glances's Default CORS Configuration Allows Cross-Origin Credential Theft8.1