Vulnerability Analysis
In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.
568 articles
Spring4Shell (CVE-2022-22965) Explained: RCE Through Spring Data Binding
CVE-2022-22965, Spring4Shell, let attackers write a JSP web shell to Spring MVC apps on JDK 9+ by abusing data binding. Here is the ClassLoader trick and the exact conditions required.
Log4j Log4Shell vulnerability explained CVE-2021-44228
Log4Shell (CVE-2021-44228) let attackers gain RCE via a single logged string. Here's the CVSS/EPSS/KEV context, timeline, and how to remediate it.
ActiveMQ CVE-2023-46604 Explained: The OpenWire Deserialization RCE
CVE-2023-46604 is an unauthenticated remote code execution flaw in Apache ActiveMQ's OpenWire protocol, rated CVSS 10.0. Here is how it works, how ransomware crews weaponized it, and how to remediate.
EternalBlue (CVE-2017-0144) Explained: The SMBv1 Flaw Behind WannaCry
CVE-2017-0144 is the SMBv1 remote code execution bug that powered WannaCry and NotPetya. Here is how the EternalBlue exploit works, why it spread, and how to stay clear of it today.
Ghostcat: Apache Tomcat AJP File Read and RCE (CVE-2020-1938) Explained
CVE-2020-1938 turned Tomcat's default AJP connector into a file-disclosure and RCE primitive. Here's how the request-attribute abuse works and how to shut it down.
GitLab ExifTool RCE (CVE-2021-22205) Explained
An unauthenticated attacker could run code on a GitLab server just by uploading an image. The bug was not in GitLab at all — it was in ExifTool. Here is the full story.
Heartbleed (CVE-2014-0160) Explained: When OpenSSL Leaked Memory to Anyone
CVE-2014-0160, Heartbleed, let remote attackers read up to 64KB of an OpenSSL server's memory per request — private keys, sessions, passwords. Here is the missing bounds check that caused it.
HTTP/2 Rapid Reset (CVE-2023-44487) Explained
A protocol-level flaw in HTTP/2 turned a normal feature into the largest DDoS attacks ever recorded. Here is how Rapid Reset works and which library versions fix it.
ProxyLogon (CVE-2021-26855) Explained: The Exchange SSRF That Opened a Pre-Auth Door
CVE-2021-26855, ProxyLogon, is a server-side request forgery in Microsoft Exchange that let unauthenticated attackers impersonate the server — the first link in a chain to full remote code execution.
PwnKit (CVE-2021-4034) Explained: Root From a 12-Year-Old Polkit Bug
CVE-2021-4034, aka PwnKit, is a memory-corruption flaw in polkit's pkexec that gives any local user reliable root on nearly every Linux distribution. Here is how it works and how to close it.
Inside the GitHub Advisory Database: how vulnerability re...
How vulnerability records actually get into the GitHub Advisory Database — curation, CNA status, GHAS enrichment, and the gaps in severity and version data teams should watch for.
Cybersecurity Research Center (CyRC): vulnerability resea...
What is Black Duck's CyRC, how does it research and disclose vulnerabilities, and where do its coverage gaps leave your open source supply chain exposed?