glances
python · glancesHeads-up
Glances XML-RPC Server Missing Host Header Validation
The Glances XML-RPC server (glances -s) does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks.
23 Jun 2026 · schedule it
python · glancesCritical
Glances KVM/QEMU plugin command injection via unsanitized domain names
The Glances KVM/QEMU monitoring engine passes unsanitized VM domain names into f-string command templates processed by secure_pope
23 Jun 2026 · act now
python · glancesCritical
Glances pickle.load() arbitrary code execution via cache file
Glances uses pickle.load() on a predictable cache file without integrity checks, allowing arbitrary code execution via malicious p
23 Jun 2026 · act now