Oct 17, 2024

New Blue Team Training

Stay in the know: Become an OffSec Insider

Get the latest updates about resources, events & promotions from OffSec!

Latest from OffSec

Research & Tutorials

CVE-2024-46986 – Arbitrary File Write in Camaleon CMS Leading to RCE

A vulnerability was discovered in Camaleon CMS authenticating attackers to write files on the file system which enabled them to execut remote code under certain conditions.

May 22, 2025

3 min read

Research & Tutorials

CVE-2024-2928: MLflow Local File Inclusion via URI Fragment Manipulation

Read about an LFI vulnerability disclosed in MLflow which allowed unauthenticated remote attackers to read arbitrary files by exploiting URI fragments containing directory traversal sequences.

May 15, 2025

3 min read

Research & Tutorials

CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution

A critical SSTI vulnerability was discovered in the open-source meal planning application Tandoor Recipes leading to a full system compromise.

May 8, 2025

2 min read

View all blogs

New course! SJD-100: Secure Java Development Essentials

New Blue Team Training

Stay in the know: Become an OffSec Insider

Latest from OffSec

CVE-2024-46986 – Arbitrary File Write in Camaleon CMS Leading to RCE

CVE-2024-2928: MLflow Local File Inclusion via URI Fragment Manipulation

CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution