Vulnerability Analysis
In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.
568 articles
CVE-2024-0057: Certificate validation bypass in .NET X.50...
CVE-2024-0057 lets attackers forge X.509 certificates that bypass .NET's chain validation, risking spoofing in TLS and code-signing flows.
CVE-2018-1285: XXE in Apache log4net
CVE-2018-1285: Apache log4net before 2.0.10 fails to disable external XML entities, enabling XXE attacks via config files. Impact, fix, and detection.
CVE-2020-29652: Denial of service in golang.org/x/crypto/...
A pre-auth nil pointer dereference in golang.org/x/crypto/ssh let a single crafted request crash Go SSH servers. Here's the impact, fix, and remediation path.
CVE-2021-43565: Denial of service in golang.org/x/crypto/...
A crafted SSH packet could crash Go services using golang.org/x/crypto/ssh before the December 2021 fix. What's affected, the severity context, and how to remediate.
How the Snyk Vulnerability Database sources and verifies ...
A look at how Snyk's Vulnerability Database sources, verifies, and scores new disclosures, from GHSA feeds and silent fixes to CVSS overrides and embargo timing.
Why Vulnerability Disclosure Timelines Still Vary Wildly ...
Google gives vendors 90 days, ZDI gives 120, the EU wants 24 hours, and Linux had no CVE process until 2024. Here's why disclosure timelines diverge so sharply across ecosystems.
The XZ Utils Backdoor: A Timeline and Technical Post-Mortem
A technical post-mortem of CVE-2024-3094, the XZ Utils backdoor: how a trusted maintainer identity was used to plant a supply chain backdoor in sshd.
CVE-2025-5777 (Citrix Bleed 2): NetScaler Memory Disclosure Deep Dive
A second Citrix Bleed leaks session tokens from NetScaler ADC and Gateway memory. We dissect the buffer over-read and the IR playbook.
CVE-2025-32756 in FortiVoice: HTTP Stack Overflow to Root RCE
A stack-based buffer overflow in FortiVoice and FortiMail web portals lets unauthenticated attackers execute root commands over HTTPS.
CVE-2025-20188 in Cisco IOS XE WLC: Hardcoded JWT to Root RCE
A hardcoded JSON Web Token in Cisco's Wireless LAN Controller gives unauthenticated attackers a path to root via arbitrary file upload.
Commvault CVE-2025-34028: SSRF to RCE in Enterprise Backup Software
A critical SSRF vulnerability in Commvault Command Center allowed unauthenticated attackers to achieve remote code execution on backup infrastructure. CISA added it to the KEV catalog.
SAP NetWeaver CVE-2025-31324: Unrestricted File Upload Zero-Day
A critical file upload vulnerability in SAP NetWeaver Visual Composer was exploited to deploy web shells on enterprise SAP systems. The flaw required no authentication and scored 10.0 on CVSS.