cve-analysis
Safeguard articles tagged "cve-analysis" — guides, analysis, and best practices for software supply chain and application security.
134 articles
Buffer Overflow Vulnerabilities: A Practical Guide
Buffer overflows write past the end of a memory buffer, corrupting adjacent data and often reaching code execution. Here is how they work and how to prevent them.
What PHP's use-after-free bugs teach us about dynamic-runtime memory safety
Check Point disclosed three PHP 7 unserialize zero-days in 2016 alone. A decade of PHP use-after-free CVEs shows memory-safety risk doesn't end at the C/C++ boundary.
What Is Privilege Escalation? A 2026 Explainer
Privilege escalation is how a limited foothold becomes full control. This explainer covers vertical vs. horizontal paths across Linux, containers, and cloud IAM.
Race Condition Vulnerabilities Explained
A race condition is a timing flaw where two operations that should happen in order overlap instead — enabling double-spends, TOCTOU bypasses, and kernel exploits.
JWT Security Vulnerabilities and How to Avoid Them
JSON Web Tokens are only as safe as how you verify them. The alg:none trick, RS256-to-HS256 confusion, and weak secrets have all led to full auth bypass.
Top Docker security vulnerabilities to watch
Runc escapes, exposed Docker APIs, malicious registry images: the Docker vulnerabilities actually driving incidents in 2024-2025, and how to triage what's exploitable.
Lessons from the CNCF Kubernetes security audit
The 2019 CNCF Kubernetes security audit found 37 issues rooted in insecure defaults. Here's what it uncovered and what still applies today.
Security implications of Kubernetes operators
Kubernetes Operators run with elevated, cluster-wide privilege by design. IngressNightmare, Argo CD, and cert-manager CVEs show what happens when that trust is abused.
OCI image vulnerability scanning explained
A concrete breakdown of how OCI image vulnerability scanning works, where scanners miss real risk, and how to build a scan workflow that doesn't drown teams in noise.
Container escape vulnerabilities explained
Container escape vulnerabilities let attackers break out of isolation and reach the host kernel. Here's how CVE-2024-21626 and CVE-2019-5736 actually work.
Securing Model Context Protocol (MCP) servers
MCP server security explained through real 2025 CVEs, tool poisoning, and rug-pull attacks, plus concrete controls security teams need to defend AI agent tool calls.
Vulnerability Prioritization in the AI Era
CVSS scores can't keep pace with AI-generated code and 40,000+ annual CVEs. Here's why Sonatype's component-level model falls short and what real prioritization requires.