Safeguard
Tag

cve-analysis

Safeguard articles tagged "cve-analysis" — guides, analysis, and best practices for software supply chain and application security.

134 articles

DevSecOps

Jenkins Script Security Sandbox Bypass Leading to RCE (CV...

CVE-2019-1003029 let attackers escape the Jenkins Script Security sandbox and execute arbitrary code via crafted Groovy pipeline scripts.

Nov 25, 20258 min read
Vulnerability Analysis

Helm 2 Tiller's Default Unauthenticated gRPC Endpoint (CV...

CVE-2019-18658 shows how Helm 2's Tiller ran an unauthenticated gRPC endpoint by default, letting network-adjacent attackers seize cluster-admin control.

Nov 24, 20257 min read
Open Source Security

.NET deserialization vulnerability landscape

A look at the .NET deserialization vulnerability landscape — from the 2025 ASP.NET machine key crisis to BinaryFormatter's retirement and Telerik exploits.

Nov 15, 20257 min read
Open Source Security

WordPress plugin vulnerability trends

WordPress plugin CVEs keep climbing and exploitation windows keep shrinking. Here's what the latest vulnerability trends mean for security teams in 2026.

Nov 13, 20257 min read
Open Source Security

Laravel security vulnerability trends

A data-driven look at recurring Laravel vulnerability patterns — debug-mode RCE, APP_KEY leaks, and Composer supply chain risk — and how to defend against them.

Nov 12, 20258 min read
Application Security

Memory Leak Vulnerabilities: Causes and Detection

Memory leaks aren't just a performance bug — from Heartbleed to Samba's CVE-2018-16851, they're a documented attack surface. Here's how they're caused, scored, and detected.

Nov 11, 20257 min read
Open Source Security

Swift Package Manager vulnerability trends

Typosquats, thin CVE coverage, and an executable manifest format: inside the Swift Package Manager vulnerability trends security teams can't ignore.

Nov 10, 20257 min read
Software Supply Chain Security

Homebrew formula security incidents

A timeline of Homebrew formula security incidents — from the 2018 Jenkins token leak to 2026's Trivy tap compromise — and what Homebrew's Tap Trust fix means for security teams.

Nov 9, 20258 min read
Industry Analysis

Expression Language Injection (ELI) in Java Applications

Expression language injection in Java has powered some of the decade's worst breaches, from Equifax to Confluence. Here's how OGNL and SpEL flaws actually get exploited.

Nov 8, 20257 min read
Cloud Security

Kubernetes secrets management vulnerability guide

Kubernetes Secrets are base64, not encrypted. Real CVEs and the Tesla breach show how attackers exploit that gap — and how to close it.

Nov 3, 20257 min read
Cloud Security

Jenkins plugin vulnerability trends report

Jenkins plugin CVEs keep piling up—missing permission checks, CSRF gaps, and a critical CVE-2024-23897 that attackers scanned for within days.

Nov 2, 20256 min read
Cloud Security

Container runtime security (containerd/CRI-O) vulnerability roundup

Container runtime CVEs like the runc Leaky Vessels flaw and CRI-O's cr8escape show how containerd and CRI-O bugs turn into full host takeovers.

Nov 2, 20257 min read
cve-analysis (Page 7) — Safeguard Blog