Blog
News and updates from OffSec
Jun 5, 2025
2 min read
CVE-2025-24893 – Unauthenticated Remote Code Execution in XWiki via SolrSearch Macro
An RCE vulnerability in XWiki was found allowing unauthenticated attackers to execute arbitrary Groovy code remotely without authentication or prior access.
Insights
OffSec’s Take on the Global Generative AI Adoption Index
Discover OffSec’s take on the latest Global Generative AI Adoption Index report released by AWS.
May 30, 2025
3 min read
Research & Tutorials
CVE-2025-0655 – Remote Code Execution in D-Tale via Unprotected Custom Filters
A critical remote code execution (RCE) vulnerability in the D-Tale data visualization tool was identified which allowed attackers to execute arbitrary system exams, abusing an exposed API endpoint.
May 29, 2025
2 min read
Insights
Recompiling Your “Self”: A Cybersecurity-Inspired Guide to Resilience
A recap of our mental health OffSec LIVE session, with tips on ensuring intentional change, self-awareness, and digital resilience in cybersecurity.
May 28, 2025
8 min read
Research & Tutorials
CVE-2024-46986 – Arbitrary File Write in Camaleon CMS Leading to RCE
A vulnerability was discovered in Camaleon CMS authenticating attackers to write files on the file system which enabled them to execut remote code under certain conditions.
May 22, 2025
2 min read
Research & Tutorials
CVE-2024-2928: MLflow Local File Inclusion via URI Fragment Manipulation
Read about an LFI vulnerability disclosed in MLflow which allowed unauthenticated remote attackers to read arbitrary files by exploiting URI fragments containing directory traversal sequences.
May 15, 2025
3 min read
Research & Tutorials
CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution
A critical SSTI vulnerability was discovered in the open-source meal planning application Tandoor Recipes leading to a full system compromise.
May 8, 2025
2 min read
Research & Tutorials
CVE-2025-29927: Next.js Middleware Authorization Bypass
In this CVE blog, we explore a vulnerability in Next.js stemming from the improper trust of the x-middleware-subrequest header.
May 1, 2025
3 min read
Enterprise Security
When AI Becomes the Weak Link: Rethinking Supply Chain Security
AI is becoming a hidden entry point in supply chain attacks. Here’s why it matters and what organizations must do to stay protected.
Apr 30, 2025
7 min read
Research & Tutorials
CVE-2025-32433: Vulnerability in Erlang/OTP SSH Implementation
Read about a critical vulnerability found in the SSH implementation of Erlang/OTP arising from improper handling of SSH protocol messages.
Apr 23, 2025
3 min read
Research & Tutorials
CVE-2024-13059: Exploiting Path Traversal in AnythingLLM for Remote Code Execution
Discover CVE-2024-13059, a critical vulnerability flat that affects AnythingLLM’s handling of ASCII filenames in the multer library.
Apr 17, 2025
2 min read
Enterprise Security
How OSCP Holders Can Lead Their Teams to Greater Cybersecurity Resilience
Champion OSCP training in your organization to build a unified, resilient security team.
Apr 11, 2025
6 min read
Research & Tutorials
CVE-2024-57727: Path Traversal Vulnerability in SimpleHelp Web Application
CVE-2024-57727 lets attackers read sensitive files via path traversal in SimpleHelp. Learn more about how attackers exploit this flaw.
Apr 10, 2025
3 min read
Join the OffSec Community!
Our community members connect, communicate and collaborate on all things cybersecurity.