[Security Vulnerability Alert] Two known vulnerabilities exploited by hackers have been added to the KEV directory for ISA (2026/01/12-2026/01/18).

[Security Vulnerability Alert] Two known vulnerabilities exploited by hackers have been added to the KEV directory for ISA (2026/01/12-2026/01/18).

2026/1/20 ～ 2026/7/20

View Count：37

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202601-00000015

[Content Description]
【CVE-2025-8110】Gogs Path Traversal Vulnerability (CVSS v3.1: 8.8)
【Exploited by Ransomware: Unknown】 Gogs has a path traversal vulnerability. Improper handling of symbolic links by the PutContents API could lead to remote code execution.

【CVE-2026-20805】Microsoft Windows Information Disclosure Vulnerability (CVSS v3.1: 5.5)
【Exploited by Ransomware: Unknown】 Microsoft Windows Desktop Windows Manager has an information disclosure vulnerability that allows an authorized attacker to disclose information on the local machine.

[Affected Platforms]
【CVE-2025-8110】Please refer to the official list of affected versions: https://github.com/gogs/gogs/pull/8078

【CVE-2026-20805】Please refer to the official list of affected versions: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805

[Recommended Actions]
【CVE-2025-8110】An official patch update has been released for this vulnerability. Please update to the relevant version: https://github.com/gogs/gogs/pull/8078

【CVE-2026-20805】An official patch update has been released for this vulnerability. Please update to the relevant version: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805

[Security Vulnerability Alert] Two known vulnerabilities exploited by hackers have been added to the KEV directory for ISA (2026/01/12-2026/01/18).

2026/1/20 ～ 2026/7/20

View Count：37

Files

None

【Back】