CVE-2026-49413

CVE-2026-49413 describes a flaw in FreeBSD’s Linuxulator: during execve for setuid/setgid Linux binaries, the P_SUGID flag is not yet set, causing AT_SECURE to be 0 in the ELF auxiliary vector. This missetting enables an unprivileged local user to inject a shared library via LD_PRELOAD into a set...

FreeBSD -- Flaw in Linuxulator execution of setugid binaries

Problem Description: The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the PSUGID process flag. During execve2, this flag is not yet set at the point where the auxiliary vector is constructed, so ATSECURE was incorrectly set to zero for set-user-ID and...

EUVD-2026-22178

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with tool execution privileges to escape the LDPRELOAD-based sandbox. By env command the attacker can clear the environment variables and drop...

Exploit for CVE-2015-1328

CVE-2015-1328 Proof of Concept A Proof of Concept PoC explo...

CVE-2025-34190 Vasion Print (formerly PrinterLogic) PrinterInstallerClientService Authentication Bypass via LD_PRELOAD Hooking

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 macOS/Linux client deployments are vulnerable to an authentication bypass in PrinterInstallerClientService. The service requires root privileges for certain...

CVE-2023-1521

On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LDPRELOAD. If the server is run as root which is the default when installing the snap package https://snapcraft.io/sccache , this means a user...

CVE-2023-27199

PAX Technology A930 PayDroid7.1.1VirgoV04.5.0220220722 allows attackers to compile a malicious shared library and use LDPRELOAD to bypass authorization checks...