33 matches found
CVE-2026-21726
A flaw was found in Loki. A remote attacker can exploit a path traversal vulnerability by using double encoding on the namespace parameter after a single URL decode. This allows the attacker to read arbitrary files at the Ruler API endpoint, leading to information disclosure...
SUSE CVE-2026-21726
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2026-21726
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files ...
Grafana Loki Path Traversal - CVE-2021-36156 Bypass
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
GHSA-497X-RRR9-68JP Grafana Loki Path Traversal - CVE-2021-36156 Bypass
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the namespace parameter in the Ruler API endpoint after double URL encoding. An attacker can access arbitrary files by sending specially crafted requests. Details A Directory Traversal attack also known as path...
CVE-2026-21726
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
CVE-2026-21726 Loki Path Traversal - CVE-2021-36156 Bypass
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
CVE-2026-21726 Loki Path Traversal - CVE-2021-36156 Bypass
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
Grafana Loki 安全漏洞
Grafana Loki is an open-source log aggregation system developed by Grafana. There is a security vulnerability in Grafana Loki, which stems from insufficient validation of path traversal sequences. This vulnerability could allow attackers to read Ruler API endpoint files through double-encryption...
Grafana Loki Path Traversal - CVE-2021-36156 Bypass
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
MAL-2025-46895 Malicious code in badge-ruler (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 34de70c9a9c01b43d1728b2a20d6eada0fe0a1e925866f4546057dc5fb7aa737 The OpenSSF Package Analysis project identified 'badge-ruler' @ 0.0.2 rubygems as malicious. It is considered malicious because: - The package...
Malicious code in badge-ruler (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 34de70c9a9c01b43d1728b2a20d6eada0fe0a1e925866f4546057dc5fb7aa737 The OpenSSF Package Analysis project identified 'badge-ruler' @ 0.0.2 rubygems as malicious. It is considered malicious because: - The package...
MAL-2025-23901 Malicious code in jquery-ui.ruler (npm)
The package jquery-ui.ruler was found to contain malicious code...
Malicious code in @facetca/facet-ruler (npm)
--- -= Per source details. Do not edit below this line.=-...
Stack-based Buffer Overflow in function win_redr_ruler
Description Stack Buffer Overflow in function winredrruler at drawscreen.c:799 . vim version git log commit ec1238b4068d0d6d9d02ac1a8e61720224a1be73 grafted, HEAD - master, tag: v9.0.0582, origin/master, origin/HEAD Proof of Concept poc download url:...
Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint
The increasing pervasiveness of cloud services in today’s work environments, accelerated by a crisis that forced companies around the globe to shift to remote work, is significantly changing how defenders must monitor and protect organizations. Corporate data is spread across multiple...
Outlook Home Page – Another Ruler Vector
Ruler has become a go to tool for us on external engagements, easily turning compromised mailbox credentials into shells. This has resulted in security being pushed forward and Microsoft responding with patches for the two vectors used in Ruler, namely rules and forms. These were patched with...
Ruler App + Photo Ruler - Dynamic Code Loading, External URLs, SD-card access vulnerabilities
HackApp vulnerability scanner discovered that application Ruler App + Photo Ruler published at the 'play' market has multiple vulnerabilities...
Ruler App - Dynamic Code Loading, External URLs, SD-card access vulnerabilities
HackApp vulnerability scanner discovered that application Ruler App published at the 'play' market has multiple vulnerabilities...