Live Training: Dallas, TX, USA

September 11-15 2023

OffSec Team

0 min read

Stay in the know: Become an OffSec Insider

Get the latest updates about resources, events & promotions from OffSec!

Latest from OffSec

Research & Tutorials

CVE-2024-2928: MLflow Local File Inclusion via URI Fragment Manipulation

Read about an LFI vulnerability disclosed in MLflow which allowed unauthenticated remote attackers to read arbitrary files by exploiting URI fragments containing directory traversal sequences.

May 15, 2025

3 min read

Research & Tutorials

CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution

A critical SSTI vulnerability was discovered in the open-source meal planning application Tandoor Recipes leading to a full system compromise.

May 8, 2025

2 min read

Research & Tutorials

CVE-2025-29927: Next.js Middleware Authorization Bypass

In this CVE blog, we explore a vulnerability in Next.js stemming from the improper trust of the x-middleware-subrequest header.

May 1, 2025

3 min read

View all blogs

New course! SJD-100: Secure Java Development Essentials

Live Training: Dallas, TX, USA

Stay in the know: Become an OffSec Insider

Latest from OffSec

CVE-2024-2928: MLflow Local File Inclusion via URI Fragment Manipulation

CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution

CVE-2025-29927: Next.js Middleware Authorization Bypass