Blog

News and updates from OffSec

CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution

May 8, 2025

A critical SSTI vulnerability was discovered in the open-source meal planning application Tandoor Recipes leading to a full system compromise.

CVE-2025-29927: Next.js Middleware Authorization Bypass

Research & Tutorials

In this CVE blog, we explore a vulnerability in Next.js stemming from the improper trust of the x-middleware-subrequest header.

May 1, 2025

3 min read

When AI Becomes the Weak Link: Rethinking Supply Chain Security

Enterprise Security

AI is becoming a hidden entry point in supply chain attacks. Here’s why it matters and what organizations must do to stay protected.

Apr 30, 2025

7 min read

CVE-2025-32433: Vulnerability in Erlang/OTP SSH Implementation

Research & Tutorials

Read about a critical vulnerability found in the SSH implementation of Erlang/OTP arising from improper handling of SSH protocol messages.

Apr 23, 2025

3 min read

CVE-2024-13059: Exploiting Path Traversal in AnythingLLM for Remote Code Execution

Research & Tutorials

Discover CVE-2024-13059, a critical vulnerability that affects AnythingLLM’s handling of ASCII filenames in the multer library.

Apr 17, 2025

2 min read

How OSCP Holders Can Lead Their Teams to Greater Cybersecurity Resilience

Enterprise Security

Champion OSCP training in your organization to build a unified, resilient security team.

Apr 11, 2025

6 min read

CVE-2024-57727: Path Traversal Vulnerability in SimpleHelp Web Application

Research & Tutorials

CVE-2024-57727 lets attackers read sensitive files via path traversal in SimpleHelp. Learn more about how attackers exploit this flaw.

Apr 10, 2025

3 min read

AI Penetration Testing: How to Secure LLM Systems

Penetration Testing

Explore how AI penetration testing enhances LLM security, addressing unique vulnerabilities and improving cyber defenses.

Apr 3, 2025

8 min read

March 2025 Content & Platform Update

Product Updates

Mar 27, 2025

CVE-2024-9956: Critical WebAuthentication Vulnerability in Google Chrome on Android

Research & Tutorials

Discover CVE-2024-9956, a critical Chrome flaw on Android allowing Bluetooth-based PassKey theft, and learn key mitigation strategies.

Mar 26, 2025

3 min read

Learn Secure Java Development with OffSec’s New Course

OffSec News

Master secure Java coding with OffSec’s SJD-100 course. Enhance app security and gain hands-on experience to secure your coding practices.

Mar 18, 2025

4 min read

Creating an Inclusive Cybersecurity Culture

Insights

Transform your cybersecurity culture by strategically improving women’s representation and cultivating meaningful inclusion.

Mar 17, 2025

4 min read

PostgreSQL Exploit

Research & Tutorials

Sharpen your hacking skills! Learn from our walkthrough of a PostgreSQL exploit in the Nibbles machine on PG Practice.

Mar 12, 2025

4 min read

Showing 27 - 39 of 411 entries
