Safeguard
Topic

Vulnerability Response

In-depth guides and analysis on vulnerability response from the Safeguard engineering team.

16 articles

Vulnerability Response

CVE-2026-0300 in Palo Alto PAN-OS: Patch Posture & SBOM Response

PAN-OS Captive Portal pre-auth RCE scored CVSS 9.3 and landed on CISA KEV with a three-day patch deadline. Defender playbook below.

May 7, 20267 min read
Vulnerability Response

CVE-2025-53521 in F5 BIG-IP APM: Patch Posture & SBOM Response

F5 BIG-IP APM bug reclassified from DoS to RCE at CVSS 9.8 and landed on CISA KEV. Defender playbook for the late-cycle severity surprise.

Mar 29, 20267 min read
Vulnerability Response

CVE-2025-15467 in OpenSSL CMS: Patch Posture & SBOM Response

OpenSSL CMS pre-auth stack buffer overflow scored CVSS 9.8. Mail servers, web servers, and anything that processes S/MIME need the fix. Defender playbook below.

Jan 28, 20267 min read
Vulnerability Response

CVE-2025-31133 in runc: Patch Posture & SBOM Response

runc container-escape via /proc mount manipulation affects Docker, Kubernetes, and every CRI runtime. Defender playbook below.

Nov 19, 20257 min read
Vulnerability Response

CVE-2025-64446 in Fortinet FortiWeb: Patch Posture & SBOM Response

FortiWeb path traversal + RCE scored CVSS 9.1 and entered CISA KEV after months of targeted exploitation. Defender playbook for the WAF emergency.

Nov 15, 20257 min read
Vulnerability Response

CVE-2025-20333 in Cisco ASA: Patch Posture & SBOM Response

Cisco Secure Firewall ASA/FTD buffer overflow scored CVSS 9.9 and was added to CISA KEV the day Cisco published the advisory. Here is the defender playbook.

Oct 2, 20256 min read
Vulnerability Response

CVE-2025-9086 in cURL: Patch Posture & SBOM Response

Heap out-of-bounds read in libcurl's cookie path comparison affects nearly every Linux distro. Defender SBOM playbook below.

Sep 12, 20257 min read
Vulnerability Response

CVE-2025-55190 in Argo CD: Patch Posture & SBOM Response

Argo CD project details API leaks repository credentials, scored CVSS 9.9. GitOps platforms are now top-tier credential targets. Defender playbook below.

Sep 8, 20257 min read
Vulnerability Response

CVE-2025-7775 in Citrix NetScaler: Patch Posture & SBOM Response

NetScaler ADC and Gateway memory overflow scored CVSS 9.2 and landed on CISA KEV with a 48-hour patch deadline. Here is the defender playbook.

Aug 27, 20256 min read
Vulnerability Response

CVE-2025-9074 in Docker Desktop: Patch Posture & SBOM Response

Docker Desktop container-to-host escape scored CVSS 9.3. Affected Windows and macOS developer fleets need a fast patch rollout. Defender playbook below.

Aug 21, 20256 min read
Vulnerability Response

CVE-2025-53770 in SharePoint (ToolShell): Patch Posture & SBOM Response

On-prem SharePoint deserialization flaw scored CVSS 9.8 and entered CISA KEV the day after public exploitation. Defender playbook below.

Jul 21, 20256 min read
Vulnerability Response

CVE-2025-49794 in libxml2: Patch Posture & SBOM Response

libxml2 use-after-free during XPath schematron parsing scored CVSS 9.1. Defender SBOM playbook for one of the most-embedded libraries on the planet.

Jul 15, 20256 min read
Vulnerability Response — Supply Chain Security Blog | Safeguard