Blog
Research & Tutorials
May 15, 2025
3 min read
CVE-2024-2928: MLflow Local File Inclusion via URI Fragment Manipulation
Read about an LFI vulnerability disclosed in MLflow which allowed unauthenticated remote attackers to read arbitrary files by exploiting URI fragments containing directory traversal sequences.
Research & Tutorials
CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution
A critical SSTI vulnerability was discovered in the open-source meal planning application Tandoor Recipes leading to a full system compromise.
May 8, 2025
2 min read
Research & Tutorials
CVE-2025-29927: Next.js Middleware Authorization Bypass
In this CVE blog, we explore a vulnerability in Next.js stemming from the improper trust of the x-middleware-subrequest header.
May 1, 2025
3 min read
Research & Tutorials
CVE-2025-32433: Vulnerability in Erlang/OTP SSH Implementation
Read about a critical vulnerability found in the SSH implementation of Erlang/OTP arising from improper handling of SSH protocol messages.
Apr 23, 2025
3 min read
Research & Tutorials
CVE-2024-13059: Exploiting Path Traversal in AnythingLLM for Remote Code Execution
Discover CVE-2024-13059, a critical vulnerability flat that affects AnythingLLM’s handling of ASCII filenames in the multer library.
Apr 17, 2025
2 min read
Research & Tutorials
CVE-2024-57727: Path Traversal Vulnerability in SimpleHelp Web Application
CVE-2024-57727 lets attackers read sensitive files via path traversal in SimpleHelp. Learn more about how attackers exploit this flaw.
Apr 10, 2025
3 min read
Research & Tutorials
CVE-2024-9956: Critical WebAuthentication Vulnerability in Google Chrome on Android
Discover CVE-2024-9956, a critical Chrome flaw on Android allowing Bluetooth-based PassKey theft, and learn key mitigation strategies.
Mar 26, 2025
3 min read
Research & Tutorials
PostgreSQL Exploit
Sharpen your hacking skills! Learn from our walkthrough of a PostgreSQL exploit in the Nibbles machine on PG Practice.
Mar 12, 2025
4 min read
Research & Tutorials
CVE-2025-21298: A Critical Windows OLE Zero-Click Vulnerability
Explore CVE-2025-21298, a critical Windows OLE zero-click flaw enabling RCE via email. Learn its risks, impact, and how to defend against attacks.
Feb 3, 2025
3 min read
Research & Tutorials
My Journey with IR-200: Becoming an OffSec Certified Incident Responder (OSIR)
Embark on a journey to become an OffSec Certified Incident Responder (OSIR) through the IR-200 course, as described by a Student Mentor who tested its effectiveness.
Jan 24, 2025
6 min read
Research & Tutorials
A Student Mentor’s TH-200 and OSTH Learning Experience
Explore the TH-200 course & OSTH exam with an OffSec Mentor’s insights on mastering threat hunting skills.
Jan 24, 2025
9 min read
Research & Tutorials
Post-quantum Cryptography in 2024
Explore post-quantum cryptography’s rise in 2024 and how new standards prepare us for future quantum attacks, ensuring secure data.
Aug 22, 2024
9 min read
Research & Tutorials
How to Become a Cybersecurity Engineer
Learn how to become a cybersecurity engineer, including the educational paths to follow, the crucial skills and certifications needed, and more.
Aug 8, 2024
11 min read