Safeguard
Tag

rce

Safeguard articles tagged "rce" — guides, analysis, and best practices for software supply chain and application security.

80 articles

Vulnerability Analysis

Log4j JDBC Appender RCE (CVE-2021-44832)

CVE-2021-44832 lets attackers with logging-config write access achieve RCE via Log4j2's JDBC Appender — and Log4Shell fixes alone don't stop it.

Jan 14, 20267 min read
Vulnerability Analysis

Text4Shell Apache Commons Text RCE (CVE-2022-42889)

A deep dive into CVE-2022-42889 (Text4Shell): the Apache Commons Text RCE, its narrower real-world exploitability versus Log4Shell, and how to remediate it.

Jan 14, 20267 min read
Vulnerability Analysis

Apache OFBiz CVE-2024-38856 Pre-Auth RCE Analysis

CVE-2024-38856 is an unauthenticated RCE in Apache OFBiz that bypasses authentication via screen rendering. Exploit chain, detection, and patching.

Jan 13, 20266 min read
Vulnerability Analysis

GitLab ExifTool RCE (CVE-2021-22205)

CVE-2021-22205 let attackers RCE self-managed GitLab via a malicious ExifTool-parsed upload — no auth required. Here's the timeline and fix.

Jan 11, 20268 min read
Vulnerability Analysis

Apache Struts CVE-2024-53677: The Path Traversal RCE

CVE-2024-53677 lets attackers abuse Struts file upload parameter pollution to plant webshells. Here is the chain, detection logic, and patch guidance.

Jan 5, 20267 min read
Vulnerability Analysis

Apache Shiro remember-me cookie deserialization RCE (CVE-2016-4437)

Apache Shiro's default rememberMe cipher key enables unauthenticated Java deserialization RCE. Here's how CVE-2016-4437 works and how to fix it.

Dec 23, 20258 min read
AI Security

vLLM CVE-2025-66448: Auto-Map RCE via Model Configs

A critical RCE in vLLM allows malicious model configs to bypass trust_remote_code=False. We analyze the bug, the patch, and what every vLLM operator should do.

Nov 22, 20257 min read
Vulnerability Analysis

Spring4Shell (CVE-2022-22965) Deep Dive: RCE via Data Bin...

A technical breakdown of Spring4Shell (CVE-2022-22965): the data-binding RCE, affected Spring/Tomcat configurations, severity, timeline, and how to remediate and detect exposure.

Oct 27, 20257 min read
Agent Security

MCP Inspector CVE-2025-49596: Anatomy of a 9.4 RCE in Anthropic's Reference Tool

A missing auth check in MCP Inspector versions below 0.14.1 let any website pop a shell on a developer's machine. Here is the full chain and what to fix.

Jul 8, 20256 min read
Vulnerability Analysis

Erlang/OTP SSH CVE-2025-32433: Unauthenticated RCE Scoring 10.0

A maximum-severity vulnerability in Erlang/OTP's SSH server allowed unauthenticated remote code execution. Any system running Erlang's built-in SSH daemon was at risk, including telecom infrastructure.

Apr 16, 20255 min read
Vulnerabilities

The Spring Shell Vulnerability: What Happened

Spring4Shell (CVE-2022-22965) let attackers achieve remote code execution through Spring's data-binding mechanism — here's what made it exploitable and what actually needed patching.

Jan 30, 20244 min read
Application Security

YAML Deserialization Attacks and How to Prevent Them

YAML looks innocent but its deserialization features have led to remote code execution in countless applications. Here is why and how to stay safe.

Jan 28, 20244 min read
rce (Page 6) — Safeguard Blog