Posts by Amit Sheps

• Research

CVE-2025-14733 is a high-severity authentication bypass vulnerability that can allow unauthenticated access to protected web applications and APIs. This blog explains affected assets, potential risk, available fixes, recommended actions, and how CyCognito helps organizations identify and reduce exposure.

• Research

CVE-2025-55182 is a critical RCE vulnerability in React Server Components affecting React 19 and Next.js applications. This blog explains what’s impacted, how attackers can exploit it, available patches, recommended actions, and how CyCognito helps organizations identify and prioritize exposed assets.

• Research

CVE-2025-41115 is a critical privilege escalation and user impersonation vulnerability in Grafana Enterprise. An attacker who exploits it can impersonate an administrator, modify dashboards and alerts, access connected databases and observability data, and pivot into other integrated systems.

• Research

CVE-2025-64459 is a critical SQL injection flaw in Django’s ORM exposing internet-facing apps to unauthenticated data compromise. Learn which assets are at risk, what patches are available, and how CyCognito helps find and prioritize vulnerable systems across your attack surface.

• Research

CVE-2025-64095 is a critical file-upload vulnerability in DNN that allows unauthenticated attackers to overwrite site content and inject malicious code. Learn what’s affected, how to mitigate the risk, and how CyCognito helps identify vulnerable external assets.

• Research

CVE-2025-55752 is a path traversal vulnerability in Apache Tomcat that can bypass security controls and, in configurations allowing HTTP PUT, enable malicious file uploads leading to potential remote code execution. Proof-of-concept code is available, and cybersecurity authorities warn exploitation attempts are likely.