vulnerability-management
Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.
635 articles
Path traversal vulnerabilities explained with real-world examples
Path traversal (CWE-22) has powered CVEs from Apache to Citrix to F5. Here's how it works, real breaches, and how to stop it.
Privilege escalation vulnerabilities explained
Privilege escalation vulnerabilities turn a low-privilege foothold into root or admin access. Learn how they work, key CVEs, and how to detect them.
RubyGems Escape Sequence Injection via Gem Name Output (C...
A look at CVE-2019-8321, the RubyGems escape sequence injection flaw in gem CLI output: affected versions, severity, and how to remediate it.
The ROI of Vulnerability Remediation Automation: Numbers That Justify the Investment
Manual vulnerability remediation costs more than most organizations realize. Breaking down the real costs, time savings, and risk reduction that automation delivers.
Node.js runtime CVE roundup
A roundup of Node.js runtime CVEs since 2024 — command injection, HTTP smuggling, permission bypasses, and why runtime flaws evade typical dependency scanners.
Jenkins Stapler Unauthenticated RCE Mass-Exploited for Cr...
CVE-2018-1000861 let attackers hit Jenkins Stapler unauthenticated, planting cryptomining malware on exposed CI/CD build servers across the internet.
Jenkins CLI Java Deserialization Remote Code Execution (C...
CVE-2017-1000353 let attackers gain unauthenticated RCE on Jenkins via CLI Java deserialization. Here's the impact, timeline, and how to remediate it.
Jenkins CLI Deserialization RCE via Commons-Collections G...
CVE-2015-8103: unauthenticated RCE in Jenkins CLI via a Commons-Collections deserialization gadget chain. Impact, timeline, and remediation.
Helm 2 Tiller's Default Unauthenticated gRPC Endpoint (CV...
CVE-2019-18658 shows how Helm 2's Tiller ran an unauthenticated gRPC endpoint by default, letting network-adjacent attackers seize cluster-admin control.
Most vulnerable Go packages report
Safeguard's 2026 analysis ranks the most vulnerable Go packages by exposure-weighted risk, revealing why a handful of core modules drive most CVE impact.
Go standard library CVE trend report
A trend analysis of Go standard library CVEs from HTTP/2 Rapid Reset to crypto/x509 parsing bugs — and why "it's stdlib" is not a safe-harbor assumption.
Container image supply chain attack trends
Container images have become the software supply chain's most contested attack surface. A look at the xz-utils backdoor, registry-borne malware campaigns, and the detection gaps behind them.