cve-analysis
Safeguard articles tagged "cve-analysis" — guides, analysis, and best practices for software supply chain and application security.
134 articles
Jenkins Script Security Sandbox Bypass Leading to RCE (CV...
CVE-2019-1003029 let attackers escape the Jenkins Script Security sandbox and execute arbitrary code via crafted Groovy pipeline scripts.
Helm 2 Tiller's Default Unauthenticated gRPC Endpoint (CV...
CVE-2019-18658 shows how Helm 2's Tiller ran an unauthenticated gRPC endpoint by default, letting network-adjacent attackers seize cluster-admin control.
.NET deserialization vulnerability landscape
A look at the .NET deserialization vulnerability landscape — from the 2025 ASP.NET machine key crisis to BinaryFormatter's retirement and Telerik exploits.
WordPress plugin vulnerability trends
WordPress plugin CVEs keep climbing and exploitation windows keep shrinking. Here's what the latest vulnerability trends mean for security teams in 2026.
Laravel security vulnerability trends
A data-driven look at recurring Laravel vulnerability patterns — debug-mode RCE, APP_KEY leaks, and Composer supply chain risk — and how to defend against them.
Memory Leak Vulnerabilities: Causes and Detection
Memory leaks aren't just a performance bug — from Heartbleed to Samba's CVE-2018-16851, they're a documented attack surface. Here's how they're caused, scored, and detected.
Swift Package Manager vulnerability trends
Typosquats, thin CVE coverage, and an executable manifest format: inside the Swift Package Manager vulnerability trends security teams can't ignore.
Homebrew formula security incidents
A timeline of Homebrew formula security incidents — from the 2018 Jenkins token leak to 2026's Trivy tap compromise — and what Homebrew's Tap Trust fix means for security teams.
Expression Language Injection (ELI) in Java Applications
Expression language injection in Java has powered some of the decade's worst breaches, from Equifax to Confluence. Here's how OGNL and SpEL flaws actually get exploited.
Kubernetes secrets management vulnerability guide
Kubernetes Secrets are base64, not encrypted. Real CVEs and the Tesla breach show how attackers exploit that gap — and how to close it.
Jenkins plugin vulnerability trends report
Jenkins plugin CVEs keep piling up—missing permission checks, CSRF gaps, and a critical CVE-2024-23897 that attackers scanned for within days.
Container runtime security (containerd/CRI-O) vulnerability roundup
Container runtime CVEs like the runc Leaky Vessels flaw and CRI-O's cr8escape show how containerd and CRI-O bugs turn into full host takeovers.