cve
Safeguard articles tagged "cve" — guides, analysis, and best practices for software supply chain and application security.
136 articles
How Snyk continuously monitors production dependencies fo...
A technical walkthrough of how Snyk's continuous monitoring uses dependency snapshots, vuln-DB updates, and priority scoring to flag newly disclosed CVEs in production.
CVE-2025-9074 in Docker Desktop: Patch Posture & SBOM Response
Docker Desktop container-to-host escape scored CVSS 9.3. Affected Windows and macOS developer fleets need a fast patch rollout. Defender playbook below.
Nginx Vulnerabilities: Tracking and Patching at Scale
Nginx vulnerabilities are rare compared to application-layer bugs but high-impact when they land — here's how to track disclosures and patch fleets without breaking uptime.
Rust Memory Safety: A CVE Trend Analysis
Analysis of CVE data across Rust crates and std releases, measuring how memory safety affects vulnerability shape, density, and unsafe-block concentration.
CVE-2025-53770 in SharePoint (ToolShell): Patch Posture & SBOM Response
On-prem SharePoint deserialization flaw scored CVSS 9.8 and entered CISA KEV the day after public exploitation. Defender playbook below.
CVE-2025-49794 in libxml2: Patch Posture & SBOM Response
libxml2 use-after-free during XPath schematron parsing scored CVSS 9.1. Defender SBOM playbook for one of the most-embedded libraries on the planet.
The CVE Program Funding Crisis: What Happened and What It Means
The CVE program nearly lost its funding in early 2025, exposing deep structural risks in how we track vulnerabilities. Here is what happened and where we go from here.
EchoLeak (CVE-2025-32711): The First Zero-Click Production LLM Exfiltration
A single crafted email could exfiltrate data from Microsoft 365 Copilot without a user click. We walk the attack chain, the patch, and the lessons for agent operators.
CVE-2025-23121 in Veeam Backup & Replication: Patch Posture & SBOM Response
Veeam B&R authenticated RCE on the backup server scored CVSS 9.9. Backup infrastructure cannot be a soft underbelly. Here is the defender playbook.
CVE-2025-47884 in Jenkins OpenID Connect Provider: Patch Posture & SBOM Response
Jenkins OIDC Provider plugin token impersonation scored CVSS 9.1. Defender playbook for CI/CD identity infrastructure.
CVE-2025-22462 in Ivanti Neurons for ITSM: Patch Posture & SBOM Response
Ivanti Neurons for ITSM auth bypass scored CVSS 9.8 and grants full admin access. Defender playbook for the ITSM patching emergency.
CVE-2025-1094 in PostgreSQL psql: Patch Posture & SBOM Response
PostgreSQL psql SQL injection scored CVSS 8.1 and patched in 17.3 / 16.7 / 15.11 / 14.16 / 13.19. Defender SBOM and rollout playbook.