Blog

News and updates from OffSec

CVE-2024-21683 – Authenticated RCE via “Add a New Language” in Atlassian Confluence

Jun 12, 2025

Critical RCE vulnerability (CVE-2024-21683) in Atlassian Confluence Data Center and Server (v5.2–8.9.0) allows authenticated users to execute arbitrary code via malicious code macros.

CVE‑2025‑49113 – Post‑Auth Remote Code Execution in Roundcube via PHP Object Deserialization

Research & Tutorials

A critical RCE vulnerability (CVSS 9.9) in Roundcube Webmail (

Jun 12, 2025

3 min read

CVE-2025-24893 – Unauthenticated Remote Code Execution in XWiki via SolrSearch Macro

Research & Tutorials

An RCE vulnerability was found in XWiki that allowed unauthenticated attackers to execute arbitrary Groovy code remotely, without prior access.

Jun 5, 2025

2 min read

May 2025 Content & Platform Update

Product Updates

Jun 3, 2025

OffSec’s Take on the Global Generative AI Adoption Index

Insights

Discover OffSec’s take on the latest Global Generative AI Adoption Index report released by AWS.

May 30, 2025

3 min read

CVE-2025-0655 – Remote Code Execution in D-Tale via Unprotected Custom Filters

Research & Tutorials

A critical remote code execution (RCE) vulnerability was identified in the D-Tale data visualization tool that allowed attackers to execute arbitrary system commands by abusing an exposed API endpoint.

May 29, 2025

2 min read

Recompiling Your “Self”: A Cybersecurity-Inspired Guide to Resilience

Insights

A recap of our mental health OffSec LIVE session, with tips on ensuring intentional change, self-awareness, and digital resilience in cybersecurity.

May 28, 2025

8 min read

CVE-2024-46986 – Arbitrary File Write in Camaleon CMS Leading to RCE

Research & Tutorials

A vulnerability was discovered in Camaleon CMS that allowed authenticated attackers to write files to the file system, which enabled them to execute remote code under certain conditions.

May 22, 2025

2 min read

CVE-2024-2928: MLflow Local File Inclusion via URI Fragment Manipulation

Research & Tutorials

Read about an LFI vulnerability disclosed in MLflow which allowed unauthenticated remote attackers to read arbitrary files by exploiting URI fragments containing directory traversal sequences.

May 15, 2025

3 min read

April 2025 Content & Platform Update

Product Updates

May 12, 2025

CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution

Research & Tutorials

A critical SSTI vulnerability was discovered in the open-source meal planning application Tandoor Recipes leading to a full system compromise.

May 8, 2025

2 min read

CVE-2025-29927: Next.js Middleware Authorization Bypass

Research & Tutorials

In this CVE blog, we explore a vulnerability in Next.js stemming from the improper trust of the x-middleware-subrequest header.

May 1, 2025

3 min read

When AI Becomes the Weak Link: Rethinking Supply Chain Security

Enterprise Security

AI is becoming a hidden entry point in supply chain attacks. Here’s why it matters and what organizations must do to stay protected.

Apr 30, 2025

7 min read
