cve
Safeguard articles tagged "cve" — guides, analysis, and best practices for software supply chain and application security.
136 articles
LangGraph CVE-2025-64439: When Agent Checkpoints Become RCE
A JsonPlusSerializer fallback in langgraph-checkpoint let attacker-controlled payloads execute arbitrary Python on deserialization. We unpack the bug, the patch, and what agent operators must change.
CVE-2025-31133 in runc: Patch Posture & SBOM Response
runc container-escape via /proc mount manipulation affects Docker, Kubernetes, and every CRI runtime. Defender playbook below.
CVE-2025-64446 in Fortinet FortiWeb: Patch Posture & SBOM Response
FortiWeb path traversal + RCE scored CVSS 9.1 and entered CISA KEV after months of targeted exploitation. Defender playbook for the WAF emergency.
What Is a CVE Numbering Authority (CNA)?
A CNA is an organization authorized to assign CVE identifiers to vulnerabilities in its scope. Here is how CNAs work and why they shape how fast a flaw becomes citable.
Kubernetes ingress controller vulnerability roundup
Ingress-nginx, Apache APISIX, and other Kubernetes ingress controllers have racked up critical CVEs since 2021 — here's what actually happened.
Open Source Vulnerability Databases Compared: NVD, OSV, GitHub Advisory, and More
Not all vulnerability databases are created equal. A detailed comparison of coverage, timeliness, accuracy, and practical usability across the major databases.
CVE-2025-20333 in Cisco ASA: Patch Posture & SBOM Response
Cisco Secure Firewall ASA/FTD buffer overflow scored CVSS 9.9 and was added to CISA KEV the day Cisco published the advisory. Here is the defender playbook.
What Is the NVD (National Vulnerability Database)?
The NVD is the U.S. government's enrichment layer on top of the CVE List, adding CVSS scores, CWE classifications, and affected-configuration data. Here is how it works and where it falls short.
CVE-2025-9086 in cURL: Patch Posture & SBOM Response
Heap out-of-bounds read in libcurl's cookie path comparison affects nearly every Linux distro. Defender SBOM playbook below.
CVE-2025-55190 in Argo CD: Patch Posture & SBOM Response
Argo CD project details API leaks repository credentials, scored CVSS 9.9. GitOps platforms are now top-tier credential targets. Defender playbook below.
How the Snyk Vulnerability Database sources and verifies ...
A look at how Snyk's Vulnerability Database sources, verifies, and scores new disclosures, from GHSA feeds and silent fixes to CVSS overrides and embargo timing.
CVE-2025-7775 in Citrix NetScaler: Patch Posture & SBOM Response
NetScaler ADC and Gateway memory overflow scored CVSS 9.2 and landed on CISA KEV with a 48-hour patch deadline. Here is the defender playbook.