kev
Safeguard articles tagged "kev" — guides, analysis, and best practices for software supply chain and application security.
21 articles
State of Vulnerability Management 2026 Report
Where vulnerability management actually stands in 2026: KEV-driven prioritization, reachability, SLAs that hold, and the tools teams are consolidating onto.
GitLab ExifTool RCE (CVE-2021-22205)
CVE-2021-22205 let attackers RCE self-managed GitLab via a malicious ExifTool-parsed upload — no auth required. Here's the timeline and fix.
CVE-2025-59718 in FortiOS: FortiCloud SSO SAML Bypass
An unauthenticated SAML message manipulation lets attackers log in as admin on FortiGate, FortiWeb, and FortiProxy. We unpack the bug and the IR steps.
CVE-2020-11651: Authentication bypass in SaltStack salt-m...
CVE-2020-11651, a critical CVSS 9.8 authentication bypass in SaltStack's salt-master, enabled unauthenticated RCE and fueled real-world attacks on LineageOS, Ghost, and DigiCert.
CVE-2025-20352 in Cisco IOS: SNMP Stack Overflow Deep Dive
An authenticated stack buffer overflow in Cisco IOS and IOS XE SNMP is being exploited in the wild. We dissect the bug, the patch, and the detection signal.
CISA KEV Catalog in 2025: What the Data Tells Us About Real-World Exploitation
The CISA Known Exploited Vulnerabilities catalog has become the definitive list of actively exploited flaws. An analysis of 2025 KEV trends reveals which products, vulnerability types, and attack patterns dominate.
CVE Vulnerabilities Explained: How the CVE System Works
What a CVE vulnerability actually is, who assigns the IDs, how CVSS scoring and the KEV catalog fit in, and why a CVE number is a label, not a verdict.
CISA KEV Catalog: One Year Analysis of Known Exploited Vulnerabilities
After one year, the CISA KEV catalog has reshaped how organizations prioritize patching. Here's what the data tells us about real-world exploitation.
CISA Known Exploited Vulnerabilities Catalog Launched
CISA's KEV catalog changes vulnerability management from theoretical risk to confirmed exploitation. Here's what it means and how to use it for prioritization.