{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T08:42:17.710","vulnerabilities":[{"cve":{"id":"CVE-2026-30930","sourceIdentifier":"security-advisories@github.com","published":"2026-03-10T18:18:52.837","lastModified":"2026-03-17T16:20:46.670","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize() method wraps string values in single quotes but does not escape embedded single quotes, making SQL injection trivial via attacker-controlled data such as process names, filesystem mount points, network interface names, or container names. This vulnerability is fixed in 4.5.1."},{"lang":"es","value":"Glances es una herramienta de monitoreo de sistema de código abierto multiplataforma. Antes de la versión 4.5.1, el módulo de exportación de TimescaleDB construye consultas SQL utilizando concatenación de cadenas con datos de monitoreo del sistema no saneados. El método normalize() envuelve los valores de cadena entre comillas simples pero no escapa las comillas simples incrustadas, lo que hace que la inyección SQL sea trivial a través de datos controlados por el atacante, como nombres de procesos, puntos de montaje del sistema de archivos, nombres de interfaces de red o nombres de contenedores. Esta vulnerabilidad se corrige en la versión 4.5.1."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nicolargo:glances:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.1","matchCriteriaId":"5B30F860-5F24-4658-B6CD-B1507A8A3747"}]}]}],"references":[{"url":"https://github.com/nicolargo/glances/commit/39161f0d6fd723d83f534b48f24cdca722573336","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/nicolargo/glances/releases/tag/v4.5.1","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-x46r-mf5g-xpr6","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}