Home OffSec
  • Pricing
Blog | OffSec

Blog

News and updates from OffSec

May 22, 2025

2 min read

CVE-2024-46986 – Arbitrary File Write in Camaleon CMS Leading to RCE

A vulnerability was discovered in Camaleon CMS authenticating attackers to write files on the file system which enabled them to execut remote code under certain conditions.

Read more

Research & Tutorials

CVE-2024-2928: MLflow Local File Inclusion via URI Fragment Manipulation

Read about an LFI vulnerability disclosed in MLflow which allowed unauthenticated remote attackers to read arbitrary files by exploiting URI fragments containing directory traversal sequences.

May 15, 2025

3 min read

Research & Tutorials

CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution

A critical SSTI vulnerability was discovered in the open-source meal planning application Tandoor Recipes leading to a full system compromise.

May 8, 2025

2 min read

Research & Tutorials

CVE-2025-29927: Next.js Middleware Authorization Bypass

In this CVE blog, we explore a vulnerability in Next.js stemming from the improper trust of the x-middleware-subrequest header.

May 1, 2025

3 min read

Enterprise Security

When AI Becomes the Weak Link: Rethinking Supply Chain Security

AI is becoming a hidden entry point in supply chain attacks. Here’s why it matters and what organizations must do to stay protected.

Apr 30, 2025

7 min read

Research & Tutorials

CVE-2025-32433: Vulnerability in Erlang/OTP SSH Implementation

Read about a critical vulnerability found in the SSH implementation of Erlang/OTP arising from improper handling of SSH protocol messages.

Apr 23, 2025

3 min read

Research & Tutorials

CVE-2024-13059: Exploiting Path Traversal in AnythingLLM for Remote Code Execution

Discover CVE-2024-13059, a critical vulnerability flat that affects AnythingLLM’s handling of ASCII filenames in the multer library.

Apr 17, 2025

2 min read

Enterprise Security

How OSCP Holders Can Lead Their Teams to Greater Cybersecurity Resilience

Champion OSCP training in your organization to build a unified, resilient security team.

Apr 11, 2025

6 min read

Research & Tutorials

CVE-2024-57727: Path Traversal Vulnerability in SimpleHelp Web Application

CVE-2024-57727 lets attackers read sensitive files via path traversal in SimpleHelp. Learn more about how attackers exploit this flaw.

Apr 10, 2025

3 min read

Penetration Testing

AI Penetration Testing: How to Secure LLM Systems

Explore how AI penetration testing enhances LLM security, addressing unique vulnerabilities and improving cyber defenses.

Apr 3, 2025

8 min read

Research & Tutorials

CVE-2024-9956: Critical WebAuthentication Vulnerability in Google Chrome on Android

Discover CVE-2024-9956, a critical Chrome flaw on Android allowing Bluetooth-based PassKey theft, and learn key mitigation strategies.

Mar 26, 2025

3 min read

OffSec News

Learn Secure Java Development with OffSec’s New Course

Master secure Java coding with OffSec’s SJD-100 course. Enhance app security and gain hands-on experience to secure your coding practices.

Mar 18, 2025

4 min read

Insights

Creating an Inclusive Cybersecurity Culture

Transform your cybersecurity culture by strategically improving women’s representation and cultivating meaningful inclusion.

Mar 17, 2025

4 min read

Showing 14 - 26 of 394 entries

Join the OffSec Community!

Our community members connect, communicate and collaborate on all things cybersecurity.

By submitting this form, I agree to the processing of my personal data by OffSec as described in the Privacy Policy.