Safeguard
Tag

cve-analysis

Safeguard articles tagged "cve-analysis" — guides, analysis, and best practices for software supply chain and application security.

134 articles

Product

Reachability analysis for vulnerability prioritization

Most CVEs your scanner flags are never executed. See how reachability analysis filters noise, how Socket.dev approaches it, and how Safeguard finds real risk.

May 8, 20267 min read
Vulnerability Analysis

Apache Struts remote code execution CVE history

A decade of Apache Struts RCEs — from Equifax's CVE-2017-5638 to 2024's file-upload bypass — traced through CVSS, EPSS, KEV, and fixes.

May 4, 20267 min read
Vulnerability Analysis

Filesystem takeover vulnerabilities in the npm package manager

How npm and node-tar "filesystem takeover" CVEs let malicious packages overwrite files via symlinks and path traversal during install.

May 1, 20267 min read
Vulnerability Analysis

Understanding zero-day vulnerabilities and incident response

A concrete look at zero-day vulnerabilities and incident response, using Log4Shell, MOVEit, and CISA KEV data to explain how fast defenders must move.

Apr 30, 20266 min read
Industry Analysis

WebExtension vulnerabilities in React DevTools and Vue.js DevTools

CVE-2023-5654 and CVE-2023-5718 exposed 5M+ React and Vue devtools users to postMessage flaws. Here's how devtools extensions became supply chain risk.

Apr 28, 20267 min read
Container Security

Container security best practices checklist

A practical container security checklist covering base images, scanning limits, runtime risk, and why CVE scans like Trivy alone miss most real supply chain threats.

Apr 26, 20267 min read
Container Security

Container escape attacks: how they happen and how to prev...

Container escapes rarely need a zero-day — privileged flags, mounted sockets, and excess capabilities do the job. Here's how they happen, real CVEs, and how to stop them.

Apr 26, 20269 min read
Software Supply Chain Security

Software supply chain attacks: how they work and recent e...

Software supply chain attacks like SolarWinds, xz-utils, and polyfill.io bypass vulnerability scanners entirely. Here's how they work and where provenance verification fills the gap.

Apr 25, 20268 min read
Industry Analysis

162 vulnerabilities disclosed in Java's top 10 libraries

Safeguard's H1 2026 analysis found 162 CVEs across Java's ten most-downloaded libraries, with critical RCE risk concentrated in Tomcat and Spring.

Apr 24, 20267 min read
Vulnerability Analysis

What is a Zero-Day Vulnerability

A zero-day vulnerability is exploited before a patch exists. See real cases like Log4Shell and MOVEit, and how to cut response time.

Apr 9, 20267 min read
Vulnerability Analysis

What is Command Injection

Command injection lets attackers run OS commands through unsanitized input. Learn how it works, real CVEs like Shellshock and PAN-OS, and how to prevent it.

Mar 30, 20267 min read
Vulnerability Analysis

What is Privilege Escalation

Privilege escalation turns a minor foothold into a full breach. Learn the techniques, real-world examples, and how to detect and stop it.

Mar 28, 20266 min read
cve-analysis (Page 3) — Safeguard Blog