Vulnerability Analysis
In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.
568 articles
Fortinet CVE-2024-21762 Deep Dive: Why SSL-VPN Keeps Producing Critical CVEs
The February 2024 FortiOS SSL-VPN remote code execution vulnerability continues a pattern of high-impact CVEs in edge appliances. A technical retrospective and structural analysis.
CVE-2024-4367 PDF.js Arbitrary Code Execution
CVE-2024-4367 is a PDF.js code-execution flaw via font handling that affects Firefox, Thunderbird, and every embedder. Root cause and remediation.
CVE-2025-24071 Windows Explorer NTLM Hash Leak
A .library-ms file extracted from a zip archive can leak NTLM hashes without the user opening anything. Breakdown of CVE-2025-24071 and the defensive response.
CVE-2024-29849 Veeam Auth Bypass Analysis
CVE-2024-29849 is a CVSS 9.8 auth bypass in Veeam Backup Enterprise Manager. Root cause, exploitation, detection, and patching guidance.
CVE-2025-1974 Ingress NGINX Controller RCE
IngressNightmare - CVE-2025-1974 in Kubernetes ingress-nginx - gave unauthenticated attackers cluster-wide RCE. Here is how it worked and what to harden now.
CVE-2024-32002 Git RCE on Clone: Walkthrough
CVE-2024-32002 is a Git submodule RCE triggered by a recursive clone on case-insensitive filesystems. Root cause, exploit, and remediation.
CVE-2024-21413 Outlook Moniker Link Analysis
CVE-2024-21413 is a critical Outlook Moniker Link RCE that bypasses Protected View via a crafted file URL. Root cause, exploitation, and detection.
CVE-2024-55956 Cleo Harmony/VLTrader RCE
Cleo's Harmony, VLTrader, and LexiCom carried an unauthenticated RCE that Clop abused for mass data theft. Here is the technical breakdown and the defender's takeaway.
CVE-2024-23897 Jenkins CLI File Read Deep Dive
CVE-2024-23897 is a Jenkins CLI arbitrary file-read flaw that leaks secrets and enables RCE chains. Root cause, exploitation, and patch guidance.
CVE-2024-45519 Zimbra Unauth RCE Breakdown
A technical breakdown of CVE-2024-45519, the unauthenticated RCE in Zimbra's postjournal service, how it was exploited in the wild, and what defenders should take away.
CVE-2024-4577 PHP CGI Argument Injection Explained
CVE-2024-4577 is a CVSS 9.8 argument injection in PHP-CGI on Windows that bypasses CVE-2012-1823's fix. Root cause, exploitation, and remediation.
Follina and the MSDT Lesson: What CVE-2022-30190 Taught About Trusted Handlers
Follina exploited a Microsoft Support Diagnostic Tool URI handler that nobody thought about. The technical mechanics, the rapid exploitation, and the lasting defense lessons.