rce
Safeguard articles tagged "rce" — guides, analysis, and best practices for software supply chain and application security.
80 articles
Log4j JDBC Appender RCE (CVE-2021-44832)
CVE-2021-44832 lets attackers with logging-config write access achieve RCE via Log4j2's JDBC Appender — and Log4Shell fixes alone don't stop it.
Text4Shell Apache Commons Text RCE (CVE-2022-42889)
A deep dive into CVE-2022-42889 (Text4Shell): the Apache Commons Text RCE, its narrower real-world exploitability versus Log4Shell, and how to remediate it.
Apache OFBiz CVE-2024-38856 Pre-Auth RCE Analysis
CVE-2024-38856 is an unauthenticated RCE in Apache OFBiz that bypasses authentication via screen rendering. Exploit chain, detection, and patching.
GitLab ExifTool RCE (CVE-2021-22205)
CVE-2021-22205 let attackers RCE self-managed GitLab via a malicious ExifTool-parsed upload — no auth required. Here's the timeline and fix.
Apache Struts CVE-2024-53677: The Path Traversal RCE
CVE-2024-53677 lets attackers abuse Struts file upload parameter pollution to plant webshells. Here is the chain, detection logic, and patch guidance.
Apache Shiro remember-me cookie deserialization RCE (CVE-2016-4437)
Apache Shiro's default rememberMe cipher key enables unauthenticated Java deserialization RCE. Here's how CVE-2016-4437 works and how to fix it.
vLLM CVE-2025-66448: Auto-Map RCE via Model Configs
A critical RCE in vLLM allows malicious model configs to bypass trust_remote_code=False. We analyze the bug, the patch, and what every vLLM operator should do.
Spring4Shell (CVE-2022-22965) Deep Dive: RCE via Data Bin...
A technical breakdown of Spring4Shell (CVE-2022-22965): the data-binding RCE, affected Spring/Tomcat configurations, severity, timeline, and how to remediate and detect exposure.
MCP Inspector CVE-2025-49596: Anatomy of a 9.4 RCE in Anthropic's Reference Tool
A missing auth check in MCP Inspector versions below 0.14.1 let any website pop a shell on a developer's machine. Here is the full chain and what to fix.
Erlang/OTP SSH CVE-2025-32433: Unauthenticated RCE Scoring 10.0
A maximum-severity vulnerability in Erlang/OTP's SSH server allowed unauthenticated remote code execution. Any system running Erlang's built-in SSH daemon was at risk, including telecom infrastructure.
The Spring Shell Vulnerability: What Happened
Spring4Shell (CVE-2022-22965) let attackers achieve remote code execution through Spring's data-binding mechanism — here's what made it exploitable and what actually needed patching.
YAML Deserialization Attacks and How to Prevent Them
YAML looks innocent but its deserialization features have led to remote code execution in countless applications. Here is why and how to stay safe.