vulnerability-analysis
Safeguard articles tagged "vulnerability-analysis" — guides, analysis, and best practices for software supply chain and application security.
360 articles
Ivanti EPMM CVE-2026-6973: Authenticated RCE on CISA KEV in May 2026
Ivanti disclosed CVE-2026-6973 on May 7, 2026, an improper-input-validation RCE in Endpoint Manager Mobile already seeing limited exploitation. CISA gave federal agencies a three-day patch deadline.
Spring4Shell RCE vulnerability explained CVE-2022-22965
CVE-2022-22965 (Spring4Shell) lets attackers achieve unauthenticated RCE on Spring MVC/Tomcat apps. Here's the CVSS/EPSS/KEV data, timeline, and fixes.
Citrix NetScaler CVE-2026-3055: The SAML Memory-Overread CitrixBleed Echo of 2026
CVE-2026-3055 is an unauthenticated memory overread in NetScaler ADC/Gateway configured as a SAML IdP, CVSS 9.3, exploited since late March 2026 and drawing direct CitrixBleed comparisons. Full analysis.
Text4Shell RCE in Apache Commons Text CVE-2022-42889
CVE-2022-42889 (Text4Shell) is a 9.8-severity RCE in Apache Commons Text 1.5-1.9. Learn affected versions, timeline, and remediation steps.
HTTP/2 Rapid Reset zero-day vulnerability CVE-2023-44487
CVE-2023-44487 "HTTP/2 Rapid Reset" enabled record-breaking DDoS attacks via stream-reset abuse. Impact, affected stacks, and remediation steps.
Unsafe deserialization in SnakeYAML CVE-2022-1471
CVE-2022-1471 lets attackers achieve RCE via SnakeYAML's unsafe Constructor. Learn affected versions, CVSS/EPSS context, and remediation steps.
The XZ backdoor CVE-2024-3094 deep dive
A technical deep dive into CVE-2024-3094, the XZ Utils/liblzma SSH backdoor: affected versions, severity context, full timeline, and remediation steps.
Terrapin SSH protocol downgrade attack explained
Terrapin (CVE-2023-48795) lets an on-path attacker silently strip packets from SSH handshakes. Here's how the downgrade works and how to check exposure.
Heartbleed OpenSSL vulnerability retrospective
A decade later, Heartbleed (CVE-2014-0160) still explains why software supply chain visibility matters: severity, timeline, and remediation steps revisited.
Shellshock Bash vulnerability retrospective
A decade-plus retrospective on Shellshock (CVE-2014-6271): how a Bash parsing flaw led to critical, KEV-listed remote code execution.
Zip Slip: archive extraction path traversal explained
Zip Slip lets malicious archives write files outside their extraction folder via ../ paths — how it works, real CVEs, and how to detect and fix it.
jQuery prototype pollution vulnerability re-emerges
jQuery's prototype pollution flaw (CVE-2019-11358) keeps surfacing in 2026 dependency scans. Here's why it persists and how to remediate it.