Vulnerability Analysis
In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.
568 articles
Struts2 OGNL injection RCE (CVE-2018-11776)
CVE-2018-11776 lets remote attackers achieve full RCE in Apache Struts2 via OGNL injection in URL namespaces. Impact, timeline, and fixes inside.
PHP-FPM/Nginx path disclosure RCE (CVE-2019-11043)
CVE-2019-11043 let attackers gain unauthenticated RCE on PHP-FPM/Nginx stacks via a PATH_INFO underflow. Here's the impact, timeline, and fixes.
Ghostcat Apache Tomcat AJP file read/RCE (CVE-2020-1938)
CVE-2020-1938 'Ghostcat' exposes Apache Tomcat's AJP connector to file read and RCE. Here's the ghostcat tomcat AJP vulnerability impact and how to fix it.
ProxyLogon Microsoft Exchange RCE chain (CVE-2021-26855)
A deep dive into ProxyLogon (CVE-2021-26855 and chain): the unauthenticated Exchange RCE that enabled HAFNIUM and mass ransomware attacks.
PrintNightmare Windows Print Spooler RCE (CVE-2021-34527)
A critical Print Spooler flaw (CVE-2021-34527) enabled unauthenticated SYSTEM-level RCE on nearly every Windows host. Here's what happened and how to fix it.
WinRAR CVE-2025-0411 Mark-of-the-Web Bypass
CVE-2025-0411 lets WinRAR archives bypass Windows Mark-of-the-Web when extracted. Here is the flaw, the observed campaigns, and the patching path.
F5 BIG-IP iControl REST RCE (CVE-2022-1388)
A critical iControl REST auth bypass let attackers gain root RCE on BIG-IP within days of disclosure. Impact, KEV status, timeline, and fixes.
libwebp heap buffer overflow zero-day (CVE-2023-4863)
A heap buffer overflow in libwebp, actively exploited in a zero-click iOS spyware chain, exposed browsers, Electron apps, and containers alike.
HTTP/2 Rapid Reset DDoS technique (CVE-2023-44487)
CVE-2023-44487 (HTTP/2 Rapid Reset) fueled record DDoS attacks by abusing stream resets. Here's the impact, timeline, and how to remediate it.
XZ Utils backdoor discovery (CVE-2024-3094)
A deep dive into CVE-2024-3094, the XZ Utils backdoor: affected versions, CVSS/EPSS context, full attack timeline, and remediation steps.
OpenSSH forwarded ssh-agent RCE (CVE-2023-38408)
CVE-2023-38408 lets a malicious SSH server hijack a forwarded ssh-agent to run code on the client. Impact, affected versions, and fixes.
OpenSSH agent forwarding RCE (CVE-2016-10009)
A malicious or compromised SSH server could abuse forwarded ssh-agent connections to load arbitrary PKCS#11 modules and run code on the client.