Tag: OffSec

Discover CVE-2025-30208, a critical arbitrary file read vulnerability in the Vite development server. Learn how remote attackers exploit @fs URL handling to access sensitive files. The post CVE-2025-30208 – Vite Arbitrary File Read via @fs Path Traversal Bypass appeared first…

Read more →

Discover how CVE-2025-27136, a critical XXE vulnerability in LocalS3’s CreateBucketConfiguration endpoint, can be exploited to access sensitive files. Learn how the flaw works and how to mitigate it. The post CVE-2025-27136 – LocalS3 CreateBucketConfiguration Endpoint XXE Injection appeared first on…

Read more →

Hire cyber talent with confidence: OffSec certifications prove candidates can perform under pressure, not just talk the talk. The post How OffSec Certifications Help You Hire With Confidence appeared first on OffSec. This article has been indexed from OffSec Read…

Read more →

CVE-2024-12029: A critical deserialization vulnerability in InvokeAI’s /api/v2/models/install endpoint allows remote code execution via malicious model files. Exploit risk for AI art servers. The post CVE-2024-12029 – InvokeAI Deserialization of Untrusted Data vulnerability appeared first on OffSec. This article has…

Read more →

Learn how phishing attacks work and how to spot them. Watch OffSec’s animated video to protect yourself from scams, spoofed sites, and social engineering. The post What is Phishing? Introduction to Phishing Demo (for Beginners) appeared first on OffSec. This…

Read more →

Discover the critical Apache Camel vulnerability (CVE-2025-27636) that allows remote code execution via case-sensitive HTTP header manipulation in the exec component. Learn how attackers exploit this flaw and how to mitigate it. The post CVE-2025-27636 – Remote Code Execution in…

Read more →

Discover details about CVE-2024-39914, a critical unauthenticated command injection vulnerability in FOG Project ≤ 1.5.10.34. Learn how attackers can exploit export.php to execute system commands or deploy persistent webshells. The post CVE-2024-39914 – Unauthenticated Command Injection in FOG Project’s export.php…

Read more →

Discover how OffSec’s “Try Harder” mantra evolved into a mindset, and how it helps learners build grit, creativity, and real-world problem-solving skills. The post What It Really Means to “Try Harder” appeared first on OffSec. This article has been indexed…

Read more →

Discover how OffSec’s “Try Harder” mantra evolved into a mindset, and how it helps learners build grit, creativity, and real-world problem-solving skills. The post What It Really Means to “Try Harder” appeared first on OffSec. This article has been indexed…

Read more →

CVE-2025-3248 is a critical RCE vulnerability in Langflow that allows unauthenticated attackers to execute arbitrary Python code via unsanitized input to exec(). Learn how it works and how to protect your system. The post CVE-2025-3248 – Unauthenticated Remote Code Execution…

Read more →

A critical RCE vulnerability (CVSS 9.9) in Roundcube Webmail (

Read more →

Critical RCE vulnerability (CVE-2024-21683) in Atlassian Confluence Data Center and Server (v5.2–8.9.0) allows authenticated users to execute arbitrary code via malicious code macros. The post CVE-2024-21683 – Authenticated RCE via “Add a New Language” in Atlassian Confluence appeared first on…

Read more →

An RCE vulnerability in XWiki was found allowing unauthenticated attackers to execute arbitrary Groovy code remotely without authentication or prior access. The post CVE-2025-24893 – Unauthenticated Remote Code Execution in XWiki via SolrSearch Macro appeared first on OffSec. This article…

Read more →

A critical remote code execution (RCE) vulnerability in the D-Tale data visualization tool was identified which allowed attackers to execute arbitrary system exams, abusing an exposed API endpoint. The post CVE-2025-0655 – Remote Code Execution in D-Tale via Unprotected Custom…

Read more →

Discover OffSec’s take on the latest Global Generative AI Adoption Index report released by AWS. The post OffSec’s Take on the Global Generative AI Adoption Index appeared first on OffSec. This article has been indexed from OffSec Read the original…

Read more →

A recap of our mental health OffSec LIVE session, with tips on ensuring intentional change, self-awareness, and digital resilience in cybersecurity. The post Recompiling Your “Self”: A Cybersecurity-Inspired Guide to Resilience appeared first on OffSec. This article has been indexed…

Read more →

A vulnerability was discovered in Camaleon CMS authenticating attackers to write files on the file system which enabled them to execut remote code under certain conditions. The post CVE-2024-46986 – Arbitrary File Write in Camaleon CMS Leading to RCE appeared…

Read more →

Read about an LFI vulnerability disclosed in MLflow which allowed unauthenticated remote attackers to read arbitrary files by exploiting URI fragments containing directory traversal sequences. The post CVE-2024-2928: MLflow Local File Inclusion via URI Fragment Manipulation appeared first on OffSec.…

Read more →

A criticial SSTI vulnerability was discovered in the open-source meal planning application Tandoor Recipes leading to a full system compromise. The post CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution appeared first on OffSec. This article has been indexed…

Read more →

In this CVE blog, we explore a vulnerability in Next.js stemming from the improper trust of the x-middleware-subrequest header. The post CVE-2025-29927: Next.js Middleware Authorization Bypass appeared first on OffSec. This article has been indexed from OffSec Read the original…

Read more →