Safeguard
Tag

vulnerability-analysis

Safeguard articles tagged "vulnerability-analysis" — guides, analysis, and best practices for software supply chain and application security.

360 articles

Vulnerability Analysis

Ivanti EPMM CVE-2026-6973: Authenticated RCE on CISA KEV in May 2026

Ivanti disclosed CVE-2026-6973 on May 7, 2026, an improper-input-validation RCE in Endpoint Manager Mobile already seeing limited exploitation. CISA gave federal agencies a three-day patch deadline.

May 8, 202610 min read
Vulnerability Analysis

Spring4Shell RCE vulnerability explained CVE-2022-22965

CVE-2022-22965 (Spring4Shell) lets attackers achieve unauthenticated RCE on Spring MVC/Tomcat apps. Here's the CVSS/EPSS/KEV data, timeline, and fixes.

May 7, 20267 min read
Vulnerability Analysis

Citrix NetScaler CVE-2026-3055: The SAML Memory-Overread CitrixBleed Echo of 2026

CVE-2026-3055 is an unauthenticated memory overread in NetScaler ADC/Gateway configured as a SAML IdP, CVSS 9.3, exploited since late March 2026 and drawing direct CitrixBleed comparisons. Full analysis.

May 6, 202611 min read
Vulnerability Analysis

Text4Shell RCE in Apache Commons Text CVE-2022-42889

CVE-2022-42889 (Text4Shell) is a 9.8-severity RCE in Apache Commons Text 1.5-1.9. Learn affected versions, timeline, and remediation steps.

May 6, 20267 min read
Vulnerability Analysis

HTTP/2 Rapid Reset zero-day vulnerability CVE-2023-44487

CVE-2023-44487 "HTTP/2 Rapid Reset" enabled record-breaking DDoS attacks via stream-reset abuse. Impact, affected stacks, and remediation steps.

May 6, 20267 min read
Vulnerability Analysis

Unsafe deserialization in SnakeYAML CVE-2022-1471

CVE-2022-1471 lets attackers achieve RCE via SnakeYAML's unsafe Constructor. Learn affected versions, CVSS/EPSS context, and remediation steps.

May 6, 20267 min read
Vulnerability Analysis

The XZ backdoor CVE-2024-3094 deep dive

A technical deep dive into CVE-2024-3094, the XZ Utils/liblzma SSH backdoor: affected versions, severity context, full timeline, and remediation steps.

May 5, 20268 min read
Vulnerability Analysis

Terrapin SSH protocol downgrade attack explained

Terrapin (CVE-2023-48795) lets an on-path attacker silently strip packets from SSH handshakes. Here's how the downgrade works and how to check exposure.

May 5, 20266 min read
Vulnerability Analysis

Heartbleed OpenSSL vulnerability retrospective

A decade later, Heartbleed (CVE-2014-0160) still explains why software supply chain visibility matters: severity, timeline, and remediation steps revisited.

May 4, 20267 min read
Vulnerability Analysis

Shellshock Bash vulnerability retrospective

A decade-plus retrospective on Shellshock (CVE-2014-6271): how a Bash parsing flaw led to critical, KEV-listed remote code execution.

May 4, 20267 min read
Vulnerability Analysis

Zip Slip: archive extraction path traversal explained

Zip Slip lets malicious archives write files outside their extraction folder via ../ paths — how it works, real CVEs, and how to detect and fix it.

May 3, 20267 min read
Vulnerability Analysis

jQuery prototype pollution vulnerability re-emerges

jQuery's prototype pollution flaw (CVE-2019-11358) keeps surfacing in 2026 dependency scans. Here's why it persists and how to remediate it.

May 2, 20268 min read
vulnerability-analysis (Page 2) — Safeguard Blog