9 matches found
EUVD-2026-23100
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
CVE-2026-21726
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
CVE-2026-21726
CVE-2026-21726 is a Grafana Loki path traversal vulnerability related to namespace parameter handling. The literature links it to the historic CVE-2021-36156 bypass in Loki’s path traversal, potentially allowing an attacker to read files via the Ruler API endpoint /loki/api/v1/rules/{namespace} a...
CVE-2026-21726
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
CVE-2019-25413
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/rules/ endpoint with script payloads in the ID parameter to execut...
CVE-2019-25413 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via ID Parameter
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/rules/ endpoint with script payloads in the ID parameter to execut...
LibreNMS Alert Rule API Cross-Site Scripting Vulnerability
This vulnerability allows remote attackers to execute arbitrary script on affected installations of LibreNMS. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the name parameter provided to the rules endpoint. The issue results from the lac...
CVE-2025-34243
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxNetworkFwRulesAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
PT-2019-12275 · Owasp +1 · Owasp Modsecurity Core Rule Set +1
Name of the Vulnerable Software and Affected Versions: OWASP ModSecurity Core Rule Set CRS versions through 3.1.0 Description: An issue was discovered that allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with next at the beginning and nested...