Vulnerability Analysis
In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.
568 articles
Check Point VPN Zero-Day CVE-2024-24919: Information Disclosure Under Active Exploitation
A critical information disclosure vulnerability in Check Point VPN products allowed attackers to read sensitive files including password hashes, enabling lateral movement into enterprise networks.
GitHub Enterprise Server CVE-2024-4985: SAML Authentication Bypass
A critical authentication bypass in GitHub Enterprise Server allowed attackers to forge SAML responses and gain administrator access to self-hosted GitHub instances without any credentials.
Palo Alto PAN-OS Zero-Day CVE-2024-3400: Command Injection in GlobalProtect
A critical command injection vulnerability in Palo Alto Networks PAN-OS GlobalProtect feature was exploited as a zero-day, giving attackers root access to firewalls protecting enterprise networks.
Kubernetes CVE-2024-3177: Bypassing Mountable Secrets Policy
A medium-severity Kubernetes vulnerability allowed pods to access secrets they should not have been able to mount, undermining RBAC-based secret isolation in multi-tenant clusters.
Ivanti Connect Secure Zero-Day: CVE-2024-21887 and CVE-2023-46805 Exploited in the Wild
Two chained zero-days in Ivanti Connect Secure VPN appliances gave attackers unauthenticated remote code execution. Here's what happened and why perimeter devices remain a favorite target.
Apache OFBiz CVE-2023-51467: Authentication Bypass in Enterprise Resource Planning
CVE-2023-51467 bypassed a previous patch for an authentication flaw in Apache OFBiz, granting unauthenticated access to ERP functionality. A patch bypass that exposed critical business data.
Apache Struts CVE-2023-50164: Critical File Upload RCE Echoes Equifax-Era Nightmares
A critical path traversal vulnerability in Apache Struts allowed RCE through file upload manipulation. The disclosure triggered flashbacks to the 2017 Equifax breach caused by a similar Struts flaw.
Apache ActiveMQ CVE-2023-46604: Ransomware Groups Exploit Critical RCE
A critical remote code execution flaw in Apache ActiveMQ was rapidly weaponized by ransomware operators, with exploitation beginning before many organizations could patch.
F5 BIG-IP CVE-2023-46747: Authentication Bypass Puts Network Infrastructure at Risk
A critical authentication bypass in F5 BIG-IP allowed unauthenticated attackers to gain administrative access. The vulnerability affected the management interface of devices protecting enterprise networks.
Cisco IOS XE CVE-2023-20198: Tens of Thousands of Devices Implanted
A critical zero-day in Cisco IOS XE's web UI allowed unauthenticated attackers to create admin accounts and deploy implants on over 40,000 devices worldwide.
curl CVE-2023-38545: The Worst curl Vulnerability in Years
A heap buffer overflow in curl's SOCKS5 proxy handshake earned a severity rating of HIGH from curl's creator Daniel Stenberg, who called it the worst curl flaw in a long time.
JetBrains TeamCity CVE-2023-42793: When Your Build Server Becomes the Attack Vector
A critical authentication bypass in TeamCity allowed unauthenticated attackers to gain admin access to CI/CD servers. State-sponsored groups exploited it to compromise software supply chains.