Blog
News and updates from OffSec
Jun 26, 2025
CVE-2024-39914 – Unauthenticated Command Injection in FOG Project’s export.php
Discover details about CVE-2024-39914, a critical unauthenticated command injection vulnerability in FOG Project ≤ 1.5.10.34. Learn how attackers can exploit export.php to execute system commands or deploy persistent webshells.
Categories
OffSec News
What It Really Means to “Try Harder”
Discover how OffSec’s “Try Harder” mantra evolved into a mindset, and how it helps learners build grit, creativity, and real-world problem-solving skills.
Jun 23, 2025
7 min read
Research & Tutorials
CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage
CVE-2025-3248 is a critical RCE vulnerability in Langflow that allows unauthenticated attackers to execute arbitrary Python code via unsanitized input to exec(). Learn how it works and how to protect your system.
Jun 18, 2025
2 min read
Research & Tutorials
CVE-2024-21683 – Authenticated RCE via “Add a New Language” in Atlassian Confluence
Critical RCE vulnerability (CVE-2024-21683) in Atlassian Confluence Data Center and Server (v5.2–8.9.0) allows authenticated users to execute arbitrary code via malicious code macros.
Jun 12, 2025
1 min read
Research & Tutorials
CVE‑2025‑49113 – Post‑Auth Remote Code Execution in Roundcube via PHP Object Deserialization
A critical RCE vulnerability (CVSS 9.9) in Roundcube Webmail (
Jun 12, 2025
3 min read
Research & Tutorials
CVE-2025-24893 – Unauthenticated Remote Code Execution in XWiki via SolrSearch Macro
An RCE vulnerability in XWiki was found allowing unauthenticated attackers to execute arbitrary Groovy code remotely without authentication or prior access.
Jun 5, 2025
2 min read
Product Updates
May 2025 Content & Platform Update
Jun 3, 2025
Insights
OffSec’s Take on the Global Generative AI Adoption Index
Discover OffSec’s take on the latest Global Generative AI Adoption Index report released by AWS.
May 30, 2025
3 min read
Research & Tutorials
CVE-2025-0655 – Remote Code Execution in D-Tale via Unprotected Custom Filters
A critical remote code execution (RCE) vulnerability in the D-Tale data visualization tool was identified which allowed attackers to execute arbitrary system exams, abusing an exposed API endpoint.
May 29, 2025
2 min read
Insights
Recompiling Your “Self”: A Cybersecurity-Inspired Guide to Resilience
A recap of our mental health OffSec LIVE session, with tips on ensuring intentional change, self-awareness, and digital resilience in cybersecurity.
May 28, 2025
8 min read
Research & Tutorials
CVE-2024-46986 – Arbitrary File Write in Camaleon CMS Leading to RCE
A vulnerability was discovered in Camaleon CMS authenticating attackers to write files on the file system which enabled them to execut remote code under certain conditions.
May 22, 2025
2 min read
Research & Tutorials
CVE-2024-2928: MLflow Local File Inclusion via URI Fragment Manipulation
Read about an LFI vulnerability disclosed in MLflow which allowed unauthenticated remote attackers to read arbitrary files by exploiting URI fragments containing directory traversal sequences.
May 15, 2025
3 min read
Product Updates
April 2025 Content & Platform Update
May 12, 2025
Join the OffSec Community!
Our community members connect, communicate and collaborate on all things cybersecurity.