Vulnerability Analysis
In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.
568 articles
Aqua Vulnerability Database (AVD) explained
AVD powers Trivy's scan results, but it's a curated aggregator, not a primary source. Here's how it differs from NVD, where its gaps are, and how to close them.
How Trivy sources vulnerability data (NVD, vendor advisor...
Trivy's CVE data comes from NVD, GHSA, and distro trackers compiled into a periodic snapshot — not kube-hunter. Here's how the pipeline really works, and where it lags.
Juniper Junos CVE-2024-21591: Routing Plane Vulnerabilities and 2026 Defense
CVE-2024-21591 was an out-of-bounds write in Juniper Junos OS that affected core routing infrastructure. The technical details and what defenders should take away in 2026.
What is a Zero-Day Vulnerability
A zero-day vulnerability is exploited before a patch exists. See real cases like Log4Shell and MOVEit, and how to cut response time.
What is a CVE (Common Vulnerabilities and Exposures)
A CVE is a unique ID for a known security flaw, but how it's assigned, scored, and disclosed is far messier than the name suggests.
Cisco Firepower CVE-2024-20418 Lessons: Network Security Devices as Attack Surface
CVE-2024-20418 was a critical command injection in Cisco Firepower Management Center. The technical details, the exploitation reality, and what it teaches about NSM security.
What is CVSS (Common Vulnerability Scoring System)
CVSS scores rate vulnerability severity from 0.0 to 10.0 — but a 9.8 doesn't mean exploitable in your app. Here's how the math and priorities really work.
What is EPSS (Exploit Prediction Scoring System)
EPSS scores every CVE's real-world exploit probability. Here's how the FIRST.org model works, how it differs from CVSS, and how to use it to triage faster.
What is an Exploit
An exploit is code that weaponizes a vulnerability. Learn how exploits differ from CVEs, how attackers acquire them, and how to prioritize real exploitation risk.
What is Cross-Site Scripting (XSS)
XSS lets attackers inject malicious JavaScript into trusted pages. Learn how stored, reflected, and DOM-based XSS work, real breaches, and defenses.
What is SQL Injection (SQLi)
SQL injection (CWE-89) lets attackers rewrite database queries via untrusted input — here's how SQLi works, its types, severity, and how to prevent it.
How Does SQL Injection Work
A technical walkthrough of how SQL injection works, the main attack variants, real breaches it caused, and how to detect and prevent it.