nicolargo — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting nicolargo. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Nicolargo is primarily known for developing security tools and open-source projects, with a core focus on system administration and network security. The project has historically been associated with vulnerabilities including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. Security assessments reveal that misconfigurations and input validation issues have been recurring concerns. While no major public security incidents have been widely documented, the 15 CVEs on record highlight persistent security challenges in its codebase, particularly around improper access controls and insecure default settings. The project's security posture reflects common issues in open-source development, emphasizing the need for rigorous testing and secure coding practices.

Top products by nicolargo: glances
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-35588 | Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values | glances | CWE-89 | 6.3 | Medium | 2026-04-20 |
| CVE-2026-35587 | Glances IP Plugin has SSRF via public_api that leads to credential leakage | glances | CWE-918 | 9.8 (AI) | Critical (AI) | 2026-04-20 |
| CVE-2026-34839 | Glances Vulnerable to Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS | glances | CWE-200 | 6.5 (AI) | Medium (AI) | 2026-04-20 |
| CVE-2026-33641 | Glances Vulnerable to Command Injection via Dynamic Configuration Values | glances | CWE-78 | 7.8 | High | 2026-04-02 |
| CVE-2026-33533 | Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard | glances | CWE-942 | 8.1 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-32634 | Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers | glances | CWE-346 | 8.1 | High | 2026-03-18 |
| CVE-2026-32633 | Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist` | glances | CWE-200 | 9.1 | Critical | 2026-03-18 |
| CVE-2026-32632 | Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding | glances | CWE-346 | 5.9 | Medium | 2026-03-18 |
| CVE-2026-32611 | Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements | glances | CWE-89 | 7.0 | High | 2026-03-18 |
| CVE-2026-32610 | Glances's Default CORS Configuration Allows Cross-Origin Credential Theft | glances | CWE-942 | 8.1 | High | 2026-03-18 |
| CVE-2026-32609 | Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials | glances | CWE-200 | 7.5 | High | 2026-03-18 |
| CVE-2026-32608 | Glances has a Command Injection via Process Names in Action Command Templates | glances | CWE-78 | 7.0 | High | 2026-03-18 |
| CVE-2026-32596 | Glances exposes the REST API without authentication | glances | CWE-200 | 9.1 | - | 2026-03-18 |
| CVE-2026-30930 | Glances has SQL Injection via Process Names in TimescaleDB Export | glances | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-03-10 |
| CVE-2026-30928 | Glances Exposes Unauthenticated Configuration Secrets | glances | CWE-200 | 9.1 (AI) | Critical (AI) | 2026-03-10 |

This page lists every published CVE security advisory associated with nicolargo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.