rce
Safeguard articles tagged "rce" — guides, analysis, and best practices for software supply chain and application security.
80 articles
Jenkins CLI Arbitrary File Read (CVE-2024-23897) Explained
CVE-2024-23897 turned a convenience feature in Jenkins' CLI argument parser into an arbitrary file read that can escalate to full RCE. Here's the mechanism and the fix.
VMware vCenter (CVE-2021-21985) Explained: The vSAN Plugin RCE
CVE-2021-21985 is a CVSS 9.8 unauthenticated RCE in VMware vCenter Server's vSAN Health plugin, enabled by default on every install. Here is how it works and the patched builds to run.
Confluence OGNL Injection (CVE-2022-26134) Explained
CVE-2022-26134 is a CVSS 9.8 unauthenticated OGNL injection in Atlassian Confluence, exploited as a zero-day before the patch. Here is how the flaw works and which versions fixed it.
Confluence CVE-2021-26084 Explained: The Webwork OGNL Injection RCE
CVE-2021-26084 is an unauthenticated OGNL injection in Confluence Server and Data Center that allows remote code execution, rated CVSS 9.8. Here is the timeline, root cause, detection, and patched versions.
Shellshock (CVE-2014-6271) Explained: RCE Hiding in Bash Environment Variables
CVE-2014-6271, Shellshock, let attackers run commands by smuggling code into environment variables that Bash parsed as function definitions. Reachable over HTTP, DHCP, and SSH. Here is how.
Fastjson AutoType Bypass RCE (CVE-2022-25845) Explained
CVE-2022-25845 defeated Fastjson's autoType protection and reopened a deserialization RCE path. Here's how the bypass worked and how to lock the library down.
Follina (CVE-2022-30190) Explained: Code Execution From a Word Document With Macros Off
CVE-2022-30190, Follina, abused the Windows MSDT protocol handler so a Word document could run PowerShell — no macros, no enable-content click. Here is the ms-msdt mechanism.
Pillow (PIL) Security Guide (2026)
Pillow is the default image library for Python — and because it parses untrusted image bytes and once shipped an eval-based ImageMath, it has a long, real CVE history spanning arbitrary code execution and native buffer overflows.
Drupalgeddon2 (CVE-2018-7600) Explained: Drupal's Form API RCE
CVE-2018-7600, known as Drupalgeddon2, is a CVSS 9.8 unauthenticated remote code execution flaw in Drupal core's Form API. Here is how the renderable-array bug works and which versions to run.
Jackson-databind Polymorphic Deserialization Gadget (CVE-2019-12384) Explained
CVE-2019-12384 chained a logback gadget with H2's RUNSCRIPT to turn default typing into code execution. Here's the mechanism, the classpath caveat, and how to fix it for good.
PrintNightmare (CVE-2021-34527) Explained: When the Windows Print Spooler Ran Code as SYSTEM
CVE-2021-34527, PrintNightmare, let an authenticated attacker load a malicious printer driver through the Windows Print Spooler and execute code as SYSTEM — locally or across a domain.
YAML Injection: How It Happens and How to Prevent It
YAML looks like a harmless config format, but the wrong parser call turns a config file into a code-execution engine. Here's how YAML deserialization attacks work and how to parse safely.