Safeguard
Tag

cve

Safeguard articles tagged "cve" — guides, analysis, and best practices for software supply chain and application security.

136 articles

Agent Security

LangGraph CVE-2025-64439: When Agent Checkpoints Become RCE

A JsonPlusSerializer fallback in langgraph-checkpoint let attacker-controlled payloads execute arbitrary Python on deserialization. We unpack the bug, the patch, and what agent operators must change.

Nov 20, 20256 min read
Vulnerability Response

CVE-2025-31133 in runc: Patch Posture & SBOM Response

runc container-escape via /proc mount manipulation affects Docker, Kubernetes, and every CRI runtime. Defender playbook below.

Nov 19, 20257 min read
Vulnerability Response

CVE-2025-64446 in Fortinet FortiWeb: Patch Posture & SBOM Response

FortiWeb path traversal + RCE scored CVSS 9.1 and entered CISA KEV after months of targeted exploitation. Defender playbook for the WAF emergency.

Nov 15, 20257 min read
Concepts

What Is a CVE Numbering Authority (CNA)?

A CNA is an organization authorized to assign CVE identifiers to vulnerabilities in its scope. Here is how CNAs work and why they shape how fast a flaw becomes citable.

Nov 11, 20255 min read
Cloud Security

Kubernetes ingress controller vulnerability roundup

Ingress-nginx, Apache APISIX, and other Kubernetes ingress controllers have racked up critical CVEs since 2021 — here's what actually happened.

Nov 4, 20257 min read
Vulnerability Management

Open Source Vulnerability Databases Compared: NVD, OSV, GitHub Advisory, and More

Not all vulnerability databases are created equal. A detailed comparison of coverage, timeliness, accuracy, and practical usability across the major databases.

Oct 22, 20256 min read
Vulnerability Response

CVE-2025-20333 in Cisco ASA: Patch Posture & SBOM Response

Cisco Secure Firewall ASA/FTD buffer overflow scored CVSS 9.9 and was added to CISA KEV the day Cisco published the advisory. Here is the defender playbook.

Oct 2, 20256 min read
Concepts

What Is the NVD (National Vulnerability Database)?

The NVD is the U.S. government's enrichment layer on top of the CVE List, adding CVSS scores, CWE classifications, and affected-configuration data. Here is how it works and where it falls short.

Sep 30, 20256 min read
Vulnerability Response

CVE-2025-9086 in cURL: Patch Posture & SBOM Response

Heap out-of-bounds read in libcurl's cookie path comparison affects nearly every Linux distro. Defender SBOM playbook below.

Sep 12, 20257 min read
Vulnerability Response

CVE-2025-55190 in Argo CD: Patch Posture & SBOM Response

Argo CD project details API leaks repository credentials, scored CVSS 9.9. GitOps platforms are now top-tier credential targets. Defender playbook below.

Sep 8, 20257 min read
Vulnerability Analysis

How the Snyk Vulnerability Database sources and verifies ...

A look at how Snyk's Vulnerability Database sources, verifies, and scores new disclosures, from GHSA feeds and silent fixes to CVSS overrides and embargo timing.

Aug 28, 20257 min read
Vulnerability Response

CVE-2025-7775 in Citrix NetScaler: Patch Posture & SBOM Response

NetScaler ADC and Gateway memory overflow scored CVSS 9.2 and landed on CISA KEV with a 48-hour patch deadline. Here is the defender playbook.

Aug 27, 20256 min read
cve (Page 9) — Safeguard Blog