Safeguard
Tag

vulnerability-analysis

Safeguard articles tagged "vulnerability-analysis" — guides, analysis, and best practices for software supply chain and application security.

360 articles

Vulnerability Analysis

XML External Entity (XXE) injection explained

XXE injection lets attackers abuse XML parsers to read files, hit cloud metadata via SSRF, or crash servers — here's how it works and how to stop it.

Dec 13, 20257 min read
Vulnerability Analysis

Cross-site request forgery (CSRF) explained

CSRF forges authenticated requests using a victim's own session cookies. Learn how real attacks against Netflix and uTorrent worked, and how to stop them.

Dec 13, 20257 min read
Vulnerability Analysis

Open redirect vulnerabilities explained

Open redirect flaws (CWE-601) score as medium severity alone, but they power real phishing campaigns against Google, Amex, and Microsoft. Here's how they work and how to stop them.

Dec 12, 20257 min read
Vulnerability Analysis

Arbitrary file upload vulnerabilities explained

Arbitrary file upload flaws (CWE-434) have caused breaches from Equifax to GitLab. Here's how they work, the CVEs that prove it, and how to stop them.

Dec 12, 20257 min read
Vulnerability Analysis

Directory listing exposure risks explained

Directory listing vulnerabilities expose raw file trees via one misconfigured Apache, Nginx, or IIS directive. Here's how they happen and how to fix them.

Dec 12, 20257 min read
Vulnerability Analysis

Time-of-check to time-of-use (TOCTOU) race condition vulnerabilities

TOCTOU race conditions let attackers swap a resource between a security check and its use. Real CVEs, exploit mechanics, and prevention patterns explained.

Dec 12, 20257 min read
Vulnerability Analysis

Buffer overflow vulnerabilities explained

Buffer overflows still make MITRE's CWE Top 25 every year. Here's how they corrupt memory, real CVEs like EternalBlue and Baron Samedit, and how to stop them.

Dec 11, 20256 min read
Vulnerability Analysis

Use-after-free vulnerabilities explained

Use-after-free bugs (CWE-416) power some of the worst zero-day exploit chains in browsers and kernels. Here's how they work and what stops them.

Dec 11, 20257 min read
Vulnerability Analysis

Integer overflow vulnerabilities explained

What integer overflow vulnerabilities are, how CWE-190 causes real breaches like Bitcoin's 2010 overflow bug, and how to detect and prevent them.

Dec 11, 20256 min read
Vulnerability Analysis

Type confusion vulnerabilities explained

Type confusion bugs let attackers corrupt memory by exploiting mismatched type assumptions. See real CVEs, how JIT engines fail, and how to catch it early.

Dec 11, 20256 min read
Vulnerability Analysis

Format string vulnerabilities explained

Format string bugs let attackers turn a printf call into memory disclosure or arbitrary writes. Here's how CWE-134 works, real CVEs, and fixes.

Dec 10, 20256 min read
Vulnerability Analysis

NoSQL injection vulnerabilities explained

NoSQL injection lets attackers manipulate MongoDB-style queries via operators like $ne and $where. Learn how it works, real CVEs, and fixes.

Dec 10, 20257 min read
vulnerability-analysis (Page 19) — Safeguard Blog