Safeguard
Tag

kev

Safeguard articles tagged "kev" — guides, analysis, and best practices for software supply chain and application security.

21 articles

Industry Analysis

State of Vulnerability Management 2026 Report

Where vulnerability management actually stands in 2026: KEV-driven prioritization, reachability, SLAs that hold, and the tools teams are consolidating onto.

Feb 4, 20268 min read
Vulnerability Analysis

GitLab ExifTool RCE (CVE-2021-22205)

CVE-2021-22205 let attackers RCE self-managed GitLab via a malicious ExifTool-parsed upload — no auth required. Here's the timeline and fix.

Jan 11, 20268 min read
Vulnerability Analysis

CVE-2025-59718 in FortiOS: FortiCloud SSO SAML Bypass

An unauthenticated SAML message manipulation lets attackers log in as admin on FortiGate, FortiWeb, and FortiProxy. We unpack the bug and the IR steps.

Dec 11, 20256 min read
Vulnerability Analysis

CVE-2020-11651: Authentication bypass in SaltStack salt-m...

CVE-2020-11651, a critical CVSS 9.8 authentication bypass in SaltStack's salt-master, enabled unauthenticated RCE and fueled real-world attacks on LineageOS, Ghost, and DigiCert.

Oct 1, 20258 min read
Vulnerability Analysis

CVE-2025-20352 in Cisco IOS: SNMP Stack Overflow Deep Dive

An authenticated stack buffer overflow in Cisco IOS and IOS XE SNMP is being exploited in the wild. We dissect the bug, the patch, and the detection signal.

Sep 30, 20256 min read
Threat Intelligence

CISA KEV Catalog in 2025: What the Data Tells Us About Real-World Exploitation

The CISA Known Exploited Vulnerabilities catalog has become the definitive list of actively exploited flaws. An analysis of 2025 KEV trends reveals which products, vulnerability types, and attack patterns dominate.

Mar 18, 20255 min read
Security Concepts

CVE Vulnerabilities Explained: How the CVE System Works

What a CVE vulnerability actually is, who assigns the IDs, how CVSS scoring and the KEV catalog fit in, and why a CVE number is a label, not a verdict.

Sep 17, 20246 min read
Vulnerability Analysis

CISA KEV Catalog: One Year Analysis of Known Exploited Vulnerabilities

After one year, the CISA KEV catalog has reshaped how organizations prioritize patching. Here's what the data tells us about real-world exploitation.

Apr 25, 20236 min read
Compliance & Regulations

CISA Known Exploited Vulnerabilities Catalog Launched

CISA's KEV catalog changes vulnerability management from theoretical risk to confirmed exploitation. Here's what it means and how to use it for prioritization.

Dec 20, 20215 min read
kev (Page 2) — Safeguard Blog