privilege-escalation
Safeguard articles tagged "privilege-escalation" — guides, analysis, and best practices for software supply chain and application security.
43 articles
Microsoft Power Pages CVE-2025-24989: Privilege Escalation in Low-Code Platforms
Microsoft patched an actively exploited privilege escalation vulnerability in Power Pages, its low-code web platform. The flaw allowed unauthorized users to gain elevated access within affected sites.
Privilege Escalation in Web Applications: Attacks and Defenses
Privilege escalation vulnerabilities let attackers elevate their access level within an application. This guide covers both vertical and horizontal escalation techniques, real-world patterns, and concrete defenses.
Authorization Vulnerabilities: Prevention and Best Practices
Authorization flaws let authenticated users access resources and perform actions beyond their intended permissions. Learn the most common authorization vulnerabilities and how to build robust access control systems.
Running Containers in Rootless Mode: A Practical Security Guide
Root in the container often means root on the host. Rootless mode breaks that assumption. Here is how to run Docker and Podman without root and why it matters more than you think.
Dirty Pipe (CVE-2022-0847): A Deep Dive into the Linux Kernel Vulnerability
Dirty Pipe allowed any local user to overwrite data in read-only files, including SUID binaries, leading to trivial root escalation. The bug was elegant, dangerous, and surprisingly recent.
Polkit pkexec Privilege Escalation: CVE-2021-4034 (PwnKit)
A 12-year-old memory corruption bug in Polkit's pkexec gave any unprivileged local user instant root access on virtually every major Linux distribution. Here's why it matters.
PrintNightmare CVE-2021-34527: The Windows Print Spooler Bug That Haunted Every Enterprise
PrintNightmare gave attackers SYSTEM-level access through the Windows Print Spooler service running on nearly every Windows machine. The patch rollout was a mess.