Safeguard
Tag

vulnerability-analysis

Safeguard articles tagged "vulnerability-analysis" — guides, analysis, and best practices for software supply chain and application security.

360 articles

Vulnerability Analysis

Secrets leakage in Docker images explained

How credentials get baked into Docker image layers, real incidents that exposed them, and how to detect and stop secrets leakage in container images.

Dec 3, 20257 min read
Open Source Security

RubyGems Escape Sequence Injection via Unpack API (CVE-20...

CVE-2019-8325 lets a malicious RubyGems package inject terminal escape sequences via the unpack API. Here's the impact, affected versions, and how to remediate it.

Dec 3, 20258 min read
Vulnerability Analysis

Terraform infrastructure-as-code misconfiguration explained

Terraform misconfigurations — not zero-days — cause most cloud breaches. Here's how they happen, real incidents they caused, and how to catch them pre-deploy.

Dec 3, 20257 min read
Vulnerability Analysis

Cloud IAM privilege escalation paths explained

A breakdown of how cloud IAM privilege escalation paths work across AWS, GCP, and Azure, with real permission chains and breach examples.

Dec 3, 20257 min read
Vulnerability Analysis

S3 bucket misconfiguration vulnerabilities explained

S3 misconfigurations have exposed hundreds of millions of records in breaches from Deep Root Analytics to Capital One. Here's how they happen and how to catch them.

Dec 3, 20256 min read
Vulnerability Analysis

Prompt injection vulnerabilities in LLM applications explained

Prompt injection is OWASP's #1 LLM risk. See real CVEs like Vanna.AI's RCE flaw and how to detect and stop it.

Dec 2, 20257 min read
Vulnerability Analysis

Python Pickle deserialization risk explained

Pickle deserialization lets attacker-controlled data execute arbitrary code on load. Here's how the exploit works, real CVEs, and how to fix it.

Dec 2, 20257 min read
Vulnerability Analysis

Java deserialization gadget chains explained

Java deserialization gadget chains turn trusted classpath libraries into RCE. Learn how they work, key CVEs like CVE-2015-4852, and how to detect them.

Dec 2, 20256 min read
Vulnerability Analysis

Regular expression injection explained

Regex injection lets attackers rewrite pattern logic or trigger ReDoS. See real CVEs, exploit examples, and how to detect and fix it in your code.

Dec 2, 20257 min read
Vulnerability Analysis

Argument injection vulnerabilities explained

How argument injection (CWE-88) vulnerabilities work, real CVEs like PHPMailer and Git ssh URLs, and how teams detect and prevent CWE-88 flaws.

Dec 1, 20257 min read
Vulnerability Analysis

Improper input validation (CWE-20) explained

CWE-20 explained: how improper input validation causes SQLi, RCE, and DoS, with real CVEs like Equifax's Struts breach and how to detect and fix it.

Dec 1, 20257 min read
Vulnerability Analysis

Sensitive data exposure in application logs explained

Passwords, tokens, and PII often end up readable in plaintext logs. Here's how CWE-532 exposures happen, real breaches they caused, and how to fix them.

Dec 1, 20257 min read
vulnerability-analysis (Page 22) — Safeguard Blog