Vulnerabilidades en nicolargo
15 resultadosCVE-2026-30928HIGHGlances Exposes Unauthenticated Configuration SecretsEPSS 1.7%CVE-2026-32596HIGHGlances exposes the REST API without authenticationEPSS 1.6%CVE-2026-33641HIGHGlances Vulnerable to Command Injection via Dynamic Configuration ValuesEPSS 0.9%CVE-2026-32609HIGHGlances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP CredentialsEPSS 0.5%CVE-2026-32633CRITICALGlances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`EPSS 0.5%CVE-2026-33533HIGHGlances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS WildcardEPSS 0.4%CVE-2026-34839HIGHGlances Vulnerable to Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORSEPSS 0.4%CVE-2026-35587HIGHGlances IP Plugin has SSRF via public_api that leads to credential leakageEPSS 0.4%CVE-2026-30930HIGHGlances has SQL Injection via Process Names in TimescaleDB ExportEPSS 0.4%CVE-2026-32610HIGHGlances's Default CORS Configuration Allows Cross-Origin Credential TheftEPSS 0.3%CVE-2026-32611HIGHGlances has a SQL Injection in DuckDB Export via Unparameterized DDL StatementsEPSS 0.3%CVE-2026-32634HIGHGlances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed ServersEPSS 0.3%CVE-2026-32608HIGHGlances has a Command Injection via Process Names in Action Command TemplatesEPSS 0.2%CVE-2026-35588MEDIUMGlances has CQL Injection in its Cassandra Export Module via Unsanitized Config ValuesEPSS 0.2%CVE-2026-32632MEDIUMGlances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS RebindingEPSS 0.2%