Lucene search
K

33 matches found

RedhatCVE
RedhatCVE
added 2026/04/17 1:0 p.m.9 views

CVE-2026-21726

A flaw was found in Loki. A remote attacker can exploit a path traversal vulnerability by using double encoding on the namespace parameter after a single URL decode. This allows the attacker to read arbitrary files at the Ruler API endpoint, leading to information disclosure...

5.3CVSS5.9AI score0.00409EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/17 12:3 p.m.10 views

SUSE CVE-2026-21726

The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...

5.3CVSS5.7AI score0.00409EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-21726

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files ...

5.3CVSS6.1AI score0.01489EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/15 9:30 p.m.8 views

Grafana Loki Path Traversal - CVE-2021-36156 Bypass

The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...

5.3CVSS5.8AI score0.01489EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/15 9:30 p.m.6 views

GHSA-497X-RRR9-68JP Grafana Loki Path Traversal - CVE-2021-36156 Bypass

The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...

5.3CVSS5.8AI score0.00409EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/15 9:25 p.m.12 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the namespace parameter in the Ruler API endpoint after double URL encoding. An attacker can access arbitrary files by sending specially crafted requests. Details A Directory Traversal attack also known as path...

6.9CVSS6.5AI score0.00409EPSS
Exploits0References2
NVD
NVD
added 2026/04/15 8:16 p.m.4 views

CVE-2026-21726

The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...

5.3CVSS0.00409EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/15 7:24 p.m.37 views

CVE-2026-21726 Loki Path Traversal - CVE-2021-36156 Bypass

The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...

5.3CVSS0.00409EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/15 7:24 p.m.4 views

CVE-2026-21726 Loki Path Traversal - CVE-2021-36156 Bypass

The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...

5.3CVSS5.8AI score0.00409EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.10 views

Grafana Loki 安全漏洞

Grafana Loki is an open-source log aggregation system developed by Grafana. There is a security vulnerability in Grafana Loki, which stems from insufficient validation of path traversal sequences. This vulnerability could allow attackers to read Ruler API endpoint files through double-encryption...

5.3CVSS5.8AI score0.00409EPSS
Exploits0References1
Grafana
Grafana
added 2026/01/26 12:0 a.m.11 views

Grafana Loki Path Traversal - CVE-2021-36156 Bypass

The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...

5.3CVSS6AI score0.01489EPSS
Exploits0
OSV
OSV
added 2025/09/01 9:47 a.m.7 views

MAL-2025-46895 Malicious code in badge-ruler (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 34de70c9a9c01b43d1728b2a20d6eada0fe0a1e925866f4546057dc5fb7aa737 The OpenSSF Package Analysis project identified 'badge-ruler' @ 0.0.2 rubygems as malicious. It is considered malicious because: - The package...

7.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/01 9:47 a.m.4 views

Malicious code in badge-ruler (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 34de70c9a9c01b43d1728b2a20d6eada0fe0a1e925866f4546057dc5fb7aa737 The OpenSSF Package Analysis project identified 'badge-ruler' @ 0.0.2 rubygems as malicious. It is considered malicious because: - The package...

7.2AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-23901 Malicious code in jquery-ui.ruler (npm)

The package jquery-ui.ruler was found to contain malicious code...

7.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/08 9:58 p.m.2 views

Malicious code in @facetca/facet-ruler (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
Huntr
Huntr
added 2022/09/25 11:48 a.m.24 views

Stack-based Buffer Overflow in function win_redr_ruler

Description Stack Buffer Overflow in function winredrruler at drawscreen.c:799 . vim version git log commit ec1238b4068d0d6d9d02ac1a8e61720224a1be73 grafted, HEAD - master, tag: v9.0.0582, origin/master, origin/HEAD Proof of Concept poc download url:...

4.4CVSS7.7AI score0.00501EPSS
Exploits1
Microsoft Secure
Microsoft Secure
added 2020/06/18 4:0 p.m.299 views

Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint

The increasing pervasiveness of cloud services in today’s work environments, accelerated by a crisis that forced companies around the globe to shift to remote work, is significantly changing how defenders must monitor and protect organizations. Corporate data is spread across multiple...

6.8CVSS8.8AI score0.96274EPSS
Exploits15
seebug.org
seebug.org
added 2017/10/12 12:0 a.m.495 views

Outlook Home Page – Another Ruler Vector

Ruler has become a go to tool for us on external engagements, easily turning compromised mailbox credentials into shells. This has resulted in security being pushed forward and Microsoft responding with patches for the two vectors used in Ruler, namely rules and forms. These were patched with...

6.8CVSS8.6AI score0.59893EPSS
Exploits2
hackapp
hackapp
added 2016/04/01 9:30 a.m.8 views

Ruler App + Photo Ruler - Dynamic Code Loading, External URLs, SD-card access vulnerabilities

HackApp vulnerability scanner discovered that application Ruler App + Photo Ruler published at the 'play' market has multiple vulnerabilities...

0.3AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 9:30 a.m.17 views

Ruler App - Dynamic Code Loading, External URLs, SD-card access vulnerabilities

HackApp vulnerability scanner discovered that application Ruler App published at the 'play' market has multiple vulnerabilities...

0.3AI score
Exploits0References1Affected Software1
Rows per page
Query Builder