Vulnerability Analysis
In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.
568 articles
Citrix NetScaler CVE-2025 Vulnerabilities: Another Year, Another Gateway Crisis
Citrix NetScaler started 2025 with multiple critical CVEs affecting ADC and Gateway products. We break down the technical details and the recurring pattern.
Fortinet FortiGate Authentication Bypass: CVE-2024-55591 Explained
A critical authentication bypass in FortiOS and FortiProxy allowed attackers to gain super-admin privileges via crafted Node.js websocket requests. Here's what happened and how to protect your infrastructure.
Ivanti Connect Secure Zero-Day: CVE-2025-0282 Under Active Exploitation
A stack-based buffer overflow in Ivanti Connect Secure allowed unauthenticated remote code execution. Chinese threat actors exploited it before any patch existed.
Palo Alto Expedition CVE-2024-9463: Command Injection in Migration Tool
Critical command injection vulnerabilities in Palo Alto Networks Expedition tool exposed firewall credentials and configurations, with CISA confirming active exploitation in November 2024.
Cisco ASA and FTD CVE-2024-20481: Brute-Force DoS in VPN Services
CVE-2024-20481 in Cisco ASA and Firepower Threat Defense VPN services was actively exploited in large-scale brute-force campaigns, causing denial of service on critical VPN infrastructure.
FortiJump: CVE-2024-47575 FortiManager Zero-Day Exploited at Scale
CVE-2024-47575, dubbed FortiJump, allowed unauthenticated attackers to execute commands on FortiManager devices. Mandiant confirmed exploitation by a new threat cluster targeting managed Fortinet infrastructure.
CUPS Vulnerability Chain: Remote Code Execution via Linux Printing
A chain of vulnerabilities in the CUPS printing system allows unauthenticated attackers to achieve remote code execution on Linux systems by exploiting how printers are discovered and configured.
Ivanti Cloud Services Appliance CVE-2024-8963: Chained Exploitation
Ivanti's Cloud Services Appliance faced chained zero-day exploitation in September 2024, with attackers combining path traversal and command injection for unauthenticated RCE.
GitLab Pipeline Execution Vulnerability CVE-2024-6678: Running Pipelines as Any User
CVE-2024-6678 allowed attackers to trigger GitLab CI/CD pipelines as arbitrary users, potentially accessing secrets and deploying malicious code through impersonated pipeline runs.
SonicWall SSL VPN CVE-2024-40766: Ransomware's Favorite Front Door
CVE-2024-40766 in SonicWall SonicOS became an immediate target for Akira and Fog ransomware groups, highlighting the ongoing risk of VPN appliance vulnerabilities.
ServiceNow CVE-2024-4879: Remote Code Execution via Jelly Template Injection
Critical RCE vulnerabilities in ServiceNow were chained together for unauthenticated access, with active exploitation observed within days of disclosure.
regreSSHion: CVE-2024-6387 OpenSSH Remote Code Execution
A regression in OpenSSH's signal handler reintroduced a vulnerability from 2006, enabling unauthenticated remote code execution on glibc-based Linux systems. Here's what you need to know.