94 matches found
OPENSUSE-SU-2026:20711-1 Security update for hauler
This update for hauler fixes the following issues: Changes in hauler: - update to 1.4.3 bsc1262353, CVE-2026-39984, bsc1262942, CVE-2026-34986: 1.4 Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 in the gomodules group across 1 directory 1.4 Bump github.com/sigstore/timestamp-authority/v2...
EUVD-2026-4954
Inspektor Gadget: Command Injection via malicious buildOptions manipulation...
Inspektor Gadget: Command Injection via malicious buildOptions manipulation
Impacted Resources inspektor-gadget/cmd/common/image/build.go inspektor-gadget/cmd/common/image/helpers/Makefile.build Description The ig binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of this functionality is implemented in the file...
GHSA-79QW-G77V-2VFH Inspektor Gadget: Command Injection via malicious buildOptions manipulation
Impacted Resources inspektor-gadget/cmd/common/image/build.go inspektor-gadget/cmd/common/image/helpers/Makefile.build Description The ig binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of this functionality is implemented in the file...
Kernel-Exploitation
🏆 Ultimate Master Guide: Kernel Exploit Labs Welcome to the b...
Oracle Linux 10 : nodejs24 (ELSA-2026-1842)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-1842 advisory. 1:24.13.0-1.0.1 - Update upstream references 1:24.13.0-1 - Update to 24.13.0 1:24.11.1-2 - makefile: change package manager to RH one Tenable has...
SUSE CVE-2026-24905
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The ig binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of this functionality is implemented in the file...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the buildCmd function. An attacker can execute arbitrary commands by supplying crafted values in the buildOptions structure, which are embedded unsafely in Makefile commands. Note: This is only exploitabl...
CVE-2026-24905
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The ig binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of this functionality is implemented in the file...
CVE-2026-24905 Inspektor Gadget has a Command Injection vulnerability in Makefile.build
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The ig binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of this functionality is implemented in the file...
CVE-2026-24905
CVE-2026-24905 affects Inspektor Gadget. The vulnerability arises from unsafe embedding of user-controlled data in the Makefile.build template used during ig image build, allowing command injection via buildOptions extracted from the gadget manifest. Before version 0.48.1, an attacker who can inf...
PT-2026-5359
Name of the Vulnerable Software and Affected Versions Inspektor Gadget versions prior to 0.48.1 Description Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The ig binary includes a subcommand for image...
CVE-2026-22786
Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. In the breakpointcontinue.go file, the MakeFile function accepts a fileName...
Arbitrary File Upload
Overview github.com/flipped-aurora/gin-vue-admin/server/utils is a Vue-based admin system Affected versions of this package are vulnerable to Arbitrary File Upload via the MakeFile function in the breakpoint resume upload process. An attacker can write arbitrary files to any directory by supplyin...
367-HW1
It is an educational repository for a Reverse Engineering + Bina...
EUVD-2019-2373
Malware in sbrugna...
PinTools
This repository is an example and proof-of-concept (PoC) for dynamic binary analysis using the Pin tool. The code is designed to detect the classical use-after-free vulnerability. The Pin tool is a dynamic binary instrumentation framework that allows developers to analyze and modify the behavior of...
CWEXploit
This is a PoC (Proof of Concept) exploit for various CWE (Common...