Safeguard
Tag

cve-analysis

Safeguard articles tagged "cve-analysis" — guides, analysis, and best practices for software supply chain and application security.

134 articles

Vulnerability Analysis

systeminformation npm package command injection (CVE-2021-21315)

A critical command injection flaw in the systeminformation npm package (CVE-2021-21315) let attackers run OS commands via unsanitized shell calls. Here's the full breakdown.

Jan 12, 20268 min read
Vulnerability Analysis

node-forge prototype pollution/signature verification issue (CVE-2020-7712)

node-forge's RSA signature verification (CVE-2022-24771/24772) and prototype pollution (CVE-2020-7720) let attackers forge trust decisions across X.509, PKCS#7, and PKCS#12 flows.

Jan 6, 20267 min read
Open Source Security

CVE analysis: critical vulnerabilities in open source fin...

Log4Shell, Spring4Shell, and the Struts flaw behind Equifax: real CVEs still lurking in banking and fintech open source stacks, with fixes and detection tips.

Jan 3, 20268 min read
Vulnerability Analysis

browserslist ReDoS vulnerability (CVE-2021-23364)

A ReDoS flaw in browserslist (CVE-2021-23364) let crafted query strings stall builds across the JS ecosystem. Here's the full breakdown and fix.

Jan 3, 20267 min read
Vulnerability Analysis

tough-cookie prototype pollution (CVE-2023-26136)

CVE-2023-26136: a prototype pollution flaw in tough-cookie hides deep in transitive Node.js dependencies. Impact, timeline, and remediation steps.

Jan 2, 20268 min read
Vulnerability Analysis

Python setuptools package_index ReDoS (CVE-2022-40897)

CVE-2022-40897 is a ReDoS flaw in setuptools' package_index.py that can hang CI pipelines when parsing crafted index pages. Here's how to detect and fix it.

Dec 31, 20257 min read
Vulnerability Analysis

CVE analysis: nation-state supply chain attacks on defens...

CVE analysis of nation-state supply chain attacks on defense contractors: SolarWinds SUNBURST and Ivanti Connect Secure exploitation, CVSS, KEV, and fixes.

Dec 26, 20258 min read
Vulnerability Analysis

CVE analysis: vulnerabilities in Open RAN and 5G core net...

An open RAN 5G core CVE analysis of the 5Ghoul modem flaws: affected components, CVSS/EPSS/KEV context, disclosure timeline, and practical remediation steps.

Dec 24, 20258 min read
Vulnerability Analysis

CVE analysis: Magecart and e-commerce JavaScript supply c...

A Magecart supply chain attack analysis of the CVEs and exploit chains behind skimmer campaigns on Adobe Commerce and Magento, plus how to defend checkout pages.

Dec 23, 20259 min read
Vulnerability Analysis

CVE analysis: vulnerabilities in SCADA and industrial con...

A SCADA industrial control CVE analysis of CVE-2018-8872, the Triconex Tricon flaw behind the TRITON safety-system attack — affected versions, CVSS context, timeline, and remediation.

Dec 21, 20258 min read
AI Security

Analysis of known MCP server CVEs and disclosed vulnerabi...

Two critical CVEs — in mcp-remote and Anthropic's MCP Inspector — reveal how MCP server vulnerabilities let untrusted servers execute code on client machines.

Dec 18, 20258 min read
Vulnerability Analysis

What is prototype pollution and why it keeps recurring in npm packages

Prototype pollution has hit lodash, jQuery, minimist, hoek, and immer since 2018. Here's how the bug works and why it keeps coming back in npm.

Dec 15, 20256 min read
cve-analysis (Page 5) — Safeguard Blog