vulnerability
Safeguard articles tagged "vulnerability" — guides, analysis, and best practices for software supply chain and application security.
16 articles
Vulnerability vs Exploit vs Threat: What's the Difference?
A vulnerability is a weakness, an exploit is the tool that abuses it, and a threat is the actor who wants to. Confusing them muddles how you prioritize risk.
What Is a CVE? Understanding Vulnerability IDs
A CVE is a unique public ID given to a specific known security weakness, so everyone can talk about the same flaw without confusion. Here's how the system works.
What Is a Vulnerability? A Plain-English Guide
A vulnerability is a weakness in software that an attacker can misuse to do something they shouldn't. Here's what that means, why it matters, and how teams find and fix them.
XSS Variants: Griffin AI vs Mythos
Stored, reflected, DOM, mutation, and template-injection XSS each live in a different part of the application and demand a different analysis. Griffin's engine understands template contexts, framework escaping rules, and client-side sinks; Mythos reads HTML and hopes. The difference shows up the moment you leave textbook territory.
Path Traversal: Griffin AI vs Mythos
Path traversal is the vulnerability class that punishes lazy analysis. Framework-specific path normalisation, OS-dependent separators, symbolic link resolution, and archive extraction all hide exploitable gaps behind code that looks defensive. Griffin's engine resolves path operations with actual semantics; Mythos reads the variable name and calls it a day.
SSRF Detection: Griffin AI vs Mythos
Server-side request forgery is a test of how well your scanner understands the boundary between trusted and untrusted URLs. Griffin's engine resolves URL construction through string builders, template engines, and HTTP client configuration; Mythos reads the code and guesses. On modern applications that is the difference between a finding you can ship and a finding you cannot defend.
Deserialization Vulnerabilities: Griffin AI vs Mythos
Unsafe deserialization looks obvious on a slide and impossible on a real codebase. Sinks are language-specific, gadgets live in third-party libraries, and the tainted byte can arrive wrapped in six layers of framework ceremony. Griffin's engine-plus-LLM design handles each of those concerns separately; Mythos-style pure-LLM scanners blur them into pattern-matching.
SQL Injection Chains: Griffin AI vs Mythos
SQL injection stopped being a single-line bug years ago. Modern chains stitch a tainted parameter through ORMs, caches, background jobs, and downstream services. Griffin AI's engine-plus-LLM architecture follows the taint across those hops; Mythos-class pure-LLM scanners summarise one file at a time and lose the thread.
CVSS 4.0 Scoring Adoption: What Changed
Two years after CVSS 4.0's release, adoption remains uneven. Here is where scoring really changed, where it did not, and how to handle mixed datasets.
Citrix NetScaler CVE-2025 Vulnerabilities: Another Year, Another Gateway Crisis
Citrix NetScaler started 2025 with multiple critical CVEs affecting ADC and Gateway products. We break down the technical details and the recurring pattern.
Progress MOVEit: Second Critical Vulnerability Discovered Amid Breach Fallout
While organizations were still reeling from the first MOVEit zero-day, a second critical vulnerability was found — raising questions about the product's security.
Business Logic Vulnerabilities: The Flaws Scanners Cannot Find
Business logic vulnerabilities bypass every automated scanner because they are not coding errors. They are design errors. Here is how to identify and prevent them.