Discover how OffSec’s “Try Harder” mantra evolved into a mindset, and how it helps learners build grit, creativity, and real-world problem-solving skills. The post What It Really Means to “Try Harder” appeared first on OffSec. This article has been indexed…
Tag: OffSec
CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage
CVE-2025-3248 is a critical RCE vulnerability in Langflow that allows unauthenticated attackers to execute arbitrary Python code via unsanitized input to exec(). Learn how it works and how to protect your system. The post CVE-2025-3248 – Unauthenticated Remote Code Execution…
CVE‑2025‑49113 – Post‑Auth Remote Code Execution in Roundcube via PHP Object Deserialization
A critical RCE vulnerability (CVSS 9.9) in Roundcube Webmail (
CVE-2024-21683 – Authenticated RCE via “Add a New Language” in Atlassian Confluence
Critical RCE vulnerability (CVE-2024-21683) in Atlassian Confluence Data Center and Server (v5.2–8.9.0) allows authenticated users to execute arbitrary code via malicious code macros. The post CVE-2024-21683 – Authenticated RCE via “Add a New Language” in Atlassian Confluence appeared first on…
CVE-2025-24893 – Unauthenticated Remote Code Execution in XWiki via SolrSearch Macro
An RCE vulnerability in XWiki was found allowing unauthenticated attackers to execute arbitrary Groovy code remotely without authentication or prior access. The post CVE-2025-24893 – Unauthenticated Remote Code Execution in XWiki via SolrSearch Macro appeared first on OffSec. This article…
CVE-2025-0655 – Remote Code Execution in D-Tale via Unprotected Custom Filters
A critical remote code execution (RCE) vulnerability in the D-Tale data visualization tool was identified which allowed attackers to execute arbitrary system exams, abusing an exposed API endpoint. The post CVE-2025-0655 – Remote Code Execution in D-Tale via Unprotected Custom…
OffSec’s Take on the Global Generative AI Adoption Index
Discover OffSec’s take on the latest Global Generative AI Adoption Index report released by AWS. The post OffSec’s Take on the Global Generative AI Adoption Index appeared first on OffSec. This article has been indexed from OffSec Read the original…
Recompiling Your “Self”: A Cybersecurity-Inspired Guide to Resilience
A recap of our mental health OffSec LIVE session, with tips on ensuring intentional change, self-awareness, and digital resilience in cybersecurity. The post Recompiling Your “Self”: A Cybersecurity-Inspired Guide to Resilience appeared first on OffSec. This article has been indexed…
CVE-2024-46986 – Arbitrary File Write in Camaleon CMS Leading to RCE
A vulnerability was discovered in Camaleon CMS authenticating attackers to write files on the file system which enabled them to execut remote code under certain conditions. The post CVE-2024-46986 – Arbitrary File Write in Camaleon CMS Leading to RCE appeared…
CVE-2024-2928: MLflow Local File Inclusion via URI Fragment Manipulation
Read about an LFI vulnerability disclosed in MLflow which allowed unauthenticated remote attackers to read arbitrary files by exploiting URI fragments containing directory traversal sequences. The post CVE-2024-2928: MLflow Local File Inclusion via URI Fragment Manipulation appeared first on OffSec.…