Glances

This hub aggregates every CVE we track for Glances, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Glances.

• CVE-2026-35588Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values6.3Apr 20, 2026
• CVE-2026-35587Glances IP Plugin has SSRF via public_api that leads to credential leakage8.8Apr 20, 2026
• CVE-2026-34839Glances Vulnerable to Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS6.5Apr 20, 2026
• CVE-2026-33641Glances Vulnerable to Command Injection via Dynamic Configuration Values7.8Apr 2, 2026
• CVE-2026-33533Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard6.5Apr 2, 2026
• CVE-2026-32634Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers8.1Mar 18, 2026
• CVE-2026-32633Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`9.1Mar 18, 2026
• CVE-2026-32632Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding5.9Mar 18, 2026
• CVE-2026-32611Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements7.0Mar 18, 2026
• CVE-2026-32610Glances's Default CORS Configuration Allows Cross-Origin Credential Theft8.1Mar 18, 2026
• CVE-2026-32609Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials7.5Mar 18, 2026
• CVE-2026-32608Glances has a Command Injection via Process Names in Action Command Templates7.0Mar 18, 2026
• CVE-2026-32596Glances exposes the REST API without authentication7.5Mar 18, 2026
• CVE-2026-30930Glances has SQL Injection via Process Names in TimescaleDB Export9.8Mar 10, 2026
• CVE-2026-30928Glances Exposes Unauthenticated Configuration Secrets7.5Mar 10, 2026