Vulnerability Analysis
In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.
568 articles
Spring4Shell RCE vulnerability explained CVE-2022-22965
CVE-2022-22965 (Spring4Shell) lets attackers achieve unauthenticated RCE on Spring MVC/Tomcat apps. Here's the CVSS/EPSS/KEV data, timeline, and fixes.
Citrix NetScaler CVE-2026-3055: The SAML Memory-Overread CitrixBleed Echo of 2026
CVE-2026-3055 is an unauthenticated memory overread in NetScaler ADC/Gateway configured as a SAML IdP, CVSS 9.3, exploited since late March 2026 and drawing direct CitrixBleed comparisons. Full analysis.
Text4Shell RCE in Apache Commons Text CVE-2022-42889
CVE-2022-42889 (Text4Shell) is a 9.8-severity RCE in Apache Commons Text 1.5-1.9. Learn affected versions, timeline, and remediation steps.
Log4Shell remediation cheat sheet
A practical, no-fluff Log4Shell remediation cheat sheet: affected versions, CVSS/EPSS/KEV context, timeline, and the exact steps to close CVE-2021-44228.
HTTP/2 Rapid Reset zero-day vulnerability CVE-2023-44487
CVE-2023-44487 "HTTP/2 Rapid Reset" enabled record-breaking DDoS attacks via stream-reset abuse. Impact, affected stacks, and remediation steps.
Unsafe deserialization in SnakeYAML CVE-2022-1471
CVE-2022-1471 lets attackers achieve RCE via SnakeYAML's unsafe Constructor. Learn affected versions, CVSS/EPSS context, and remediation steps.
The XZ backdoor CVE-2024-3094 deep dive
A technical deep dive into CVE-2024-3094, the XZ Utils/liblzma SSH backdoor: affected versions, severity context, full timeline, and remediation steps.
regreSSHion OpenSSH RCE vulnerability CVE-2024-6387
CVE-2024-6387 "regreSSHion" is a signal handler race condition in OpenSSH's sshd enabling unauthenticated root RCE on glibc-based Linux systems.
Terrapin SSH protocol downgrade attack explained
Terrapin (CVE-2023-48795) lets an on-path attacker silently strip packets from SSH handshakes. Here's how the downgrade works and how to check exposure.
MCPwn (CVE-2026-33032): One Missing Auth Check Turned nginx-ui's MCP Endpoint Into Unauthenticated RCE
nginx-ui added MCP support and split it across two HTTP routes. One route shipped without the auth middleware. The result is a CVSS 9.8 unauthenticated takeover, actively exploited, fixed with 27 characters of code.
Heartbleed OpenSSL vulnerability retrospective
A decade later, Heartbleed (CVE-2014-0160) still explains why software supply chain visibility matters: severity, timeline, and remediation steps revisited.
Shellshock Bash vulnerability retrospective
A decade-plus retrospective on Shellshock (CVE-2014-6271): how a Bash parsing flaw led to critical, KEV-listed remote code execution.