Safeguard
Tag

vulnerability-analysis

Safeguard articles tagged "vulnerability-analysis" — guides, analysis, and best practices for software supply chain and application security.

360 articles

Vulnerability Analysis

Spring Security OAuth2 client vulnerability (CVE-2022-31690)

CVE-2022-31690 in Spring Security's OAuth2 client can let one principal obtain another's token. Here's the impact, CVSS/EPSS context, and how to remediate.

Dec 22, 20257 min read
Vulnerability Analysis

Apache Solr XXE remote code execution (CVE-2017-12629)

CVE-2017-12629 chains XXE and Solr's RunExecutableListener into unauthenticated RCE. Affected versions, timeline, and concrete remediation steps.

Dec 22, 20257 min read
Vulnerability Analysis

CVE analysis: vulnerabilities in SCADA and industrial con...

A SCADA industrial control CVE analysis of CVE-2018-8872, the Triconex Tricon flaw behind the TRITON safety-system attack — affected versions, CVSS context, timeline, and remediation.

Dec 21, 20258 min read
Vulnerability Analysis

Docker Engine crafted image denial of service (CVE-2021-21285)

CVE-2021-21285 lets a crafted container image crash Docker Engine before 20.10.3. Affected versions, severity, timeline, and remediation steps.

Dec 15, 20257 min read
Vulnerability Analysis

Docker Engine remap-root UID mapping vulnerability (CVE-2021-21284)

CVE-2021-21284 let remapped-root containers escalate to real host root, defeating Docker's userns-remap isolation. Here's the full breakdown and fix.

Dec 15, 20256 min read
Vulnerability Analysis

What is prototype pollution and why it keeps recurring in npm packages

Prototype pollution has hit lodash, jQuery, minimist, hoek, and immer since 2018. Here's how the bug works and why it keeps coming back in npm.

Dec 15, 20256 min read
Vulnerability Analysis

Path traversal vulnerabilities explained with real-world examples

Path traversal (CWE-22) has powered CVEs from Apache to Citrix to F5. Here's how it works, real breaches, and how to stop it.

Dec 14, 20256 min read
Vulnerability Analysis

Server-Side Request Forgery (SSRF): how it works and how to prevent it

SSRF turns a server into an attacker's proxy into your internal network. Here's how it works, what Capital One's breach taught the industry, and how to stop it.

Dec 14, 20256 min read
Vulnerability Analysis

Cross-site scripting (XSS) explained for developers

XSS has topped vulnerability lists for two decades. Here's how reflected, stored, and DOM-based XSS actually work, real incidents, and how to fix them.

Dec 14, 20257 min read
Vulnerability Analysis

SQL injection: a complete developer's guide

A developer's guide to SQL injection: how it works, why CWE-89 still ranks in MITRE's Top 25, real breaches, and how to detect and fix it.

Dec 14, 20257 min read
Vulnerability Analysis

OS command injection explained

OS command injection lets attackers run arbitrary shell commands via unsanitized input. See how it works, real CVEs like PAN-OS 2024, and fixes.

Dec 13, 20256 min read
Vulnerability Analysis

Insecure deserialization vulnerabilities explained

Insecure deserialization vulnerabilities let attackers turn trusted classes into gadget chains for RCE. See real CVEs, affected languages, and fixes.

Dec 13, 20256 min read
vulnerability-analysis (Page 18) — Safeguard Blog