Safeguard
Tag

Vulnerabilities

Safeguard articles tagged "Vulnerabilities" — guides, analysis, and best practices for software supply chain and application security.

27 articles

Vulnerabilities

SQL Injection Detection: How Scanners Actually Find It

SQL injection detected in a scan report can mean very different things depending on whether it came from a static trace or a live dynamic test — here's how each actually works.

Feb 19, 20256 min read
Threat Intelligence

Vulnerability Exploitation Trends in 2024: What the Data Shows

Analysis of 2024 vulnerability exploitation patterns reveals faster weaponization timelines, shifting target profiles, and the growing importance of edge device vulnerabilities.

Dec 15, 20246 min read
Vulnerabilities

XSS Scripting Attacks: A Refresher for Engineers

XSS scripting attacks still make the OWASP Top 10 more than two decades after they were first documented, mostly because the fix is context-dependent and easy to get almost-right.

Aug 21, 20245 min read
Vulnerabilities

What Is a CSRF Token, and How Does It Stop CSRF?

A CSRF token is a random, per-session value a server requires on state-changing requests so a malicious site can't forge one on a logged-in user's behalf.

Jul 22, 20245 min read
Vulnerabilities

CVE-2022-24785: The Moment.js Path Traversal, Explained

A user-controlled locale string was all it took: how CVE-2022-24785 let attackers traverse paths through Moment.js locale loading on Node.js, and why the fix is a one-line upgrade.

May 21, 20245 min read
Vulnerabilities

OWASP Path Traversal: How It Works and How to Stop It

Path traversal lets an attacker reach files outside a web app's intended directory using sequences like ../../etc/passwd — here's how it works and the fixes that actually close it.

May 14, 20245 min read
Vulnerabilities

CVE-2023-4807: The OpenSSL POLY1305 Flaw on Windows

A cryptographic MAC that silently trashes CPU registers: why CVE-2023-4807 only bites Windows builds of OpenSSL, what it can actually do, and which releases fix it.

Feb 27, 20245 min read
Vulnerabilities

Notable CVEs of 2022: A Practitioner's Roundup

CVE-2022-31160 and a run of recursion-based denial-of-service bugs made 2022 a year defined less by exotic exploits and more by parsers that never expected deeply nested input.

Feb 14, 20245 min read
Vulnerabilities

Notable CVEs of 2023: A Practitioner's Roundup

From an OpenSSL IV-truncation flaw to a critical Babel code-execution bug, 2023's CVE crop is a good reminder that severity and blast radius don't always line up.

Jan 30, 20246 min read
Application Security

JSON Parsing Library Vulnerabilities You Should Know About

JSON is the lingua franca of APIs, but the libraries that parse it have had serious security issues. Here is what to watch for in your stack.

Sep 28, 20235 min read
Software Supply Chain Security

Compression Library Vulnerabilities: From zlib to the xz Backdoor

Compression libraries are everywhere and trusted implicitly. The xz backdoor proved that trust can be weaponized. Here is the full picture.

Sep 22, 20226 min read
Application Security

The OWASP Top 10 (2021) Through a Supply Chain Security Lens

The 2021 OWASP Top 10 added supply chain risks for the first time. Here is what each category means when your code is mostly someone else's code.

Jun 15, 20228 min read
Vulnerabilities (Page 2) — Safeguard Blog