Safeguard
Topic

Vulnerabilities

In-depth guides and analysis on vulnerabilities from the Safeguard engineering team.

71 articles

Vulnerabilities

Nginx Vulnerabilities: Tracking and Patching at Scale

Nginx vulnerabilities are rare compared to application-layer bugs but high-impact when they land — here's how to track disclosures and patch fleets without breaking uptime.

Aug 6, 20255 min read
Vulnerabilities

BOLA: Broken Object Level Authorization, Explained

A bola vulnerability lets one authenticated user reach another user's data just by changing an ID in a request — no exploit code required, which is exactly why scanners miss it so often.

Jul 24, 20255 min read
Vulnerabilities

PHP Vulnerability Classes and Common Fixes

The recurring php vulnerability classes — SQL injection, file inclusion, deserialization, and type-juggling bugs — and the specific fixes that close each one.

Jul 8, 20255 min read
Vulnerabilities

Stored XSS: Why Persistent Injection Hurts Most

Stored XSS saves the attacker's script server-side and serves it to everyone. Here is why persistent injection is the most damaging XSS variant and how to stop it.

Jun 3, 20256 min read
Vulnerabilities

jQuery 3.6.0 Vulnerabilities: What Is Actually Exploitable

Scanners keep flagging jQuery 3.6.0 as vulnerable — but jQuery core in that version has no known direct CVEs. Here is what the alerts really mean and where the exploitable risk actually lives.

May 7, 20256 min read
Vulnerabilities

The Java Security Manager Is Deprecated: What to Use Instead

JEP 411 deprecated the Java Security Manager for removal, and years of accumulated java security flaws in its trust model are why the platform is retiring it rather than fixing it further.

May 6, 20255 min read
Vulnerabilities

PHP 7.4.33 Vulnerabilities: The Real Risk of Running EOL PHP

PHP 7.4.33 was the final release in the 7.4 line before it reached end of life — running it today means every new vulnerability discovered afterward goes unpatched by design.

May 6, 20254 min read
Vulnerabilities

npm Security Vulnerabilities: How to Track Them

A practical system for tracking npm security vulnerabilities across a real dependency tree, why you shouldn't rely on npm check vulnerabilities output alone, and what to automate.

Apr 25, 20255 min read
Vulnerabilities

SQL Injection Prevention Cheat Sheet

A practitioner's SQL injection cheatsheet: parameterized queries, safe ORM use, input validation, least privilege, and the exact patterns to ban in review.

Apr 22, 20256 min read
Vulnerabilities

XSS Examples: Real Payloads and How They Execute

Concrete XSS examples across HTML, attribute, and JavaScript contexts, with the payloads that trigger them and why each one runs.

Apr 22, 20256 min read
Vulnerabilities

WooCommerce Vulnerabilities: A Recurring Pattern Worth Knowing

WooCommerce core is relatively well-maintained, but the plugin and extension ecosystem around it is where most reported WooCommerce vulnerabilities keep showing up.

Apr 8, 20254 min read
Vulnerabilities

XXE Examples: Annotated Payloads and Fixes

Concrete xxe examples showing how a malicious external entity reference reads local files or reaches internal services through an XML parser, and the config change that closes it.

Mar 27, 20255 min read
Vulnerabilities (Page 2) — Supply Chain Security Blog | Safeguard