Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202601-00000015
[Content Description]
【CVE-2025-8110】Gogs Path Traversal Vulnerability (CVSS v3.1: 8.8)
【Exploited by Ransomware: Unknown】 Gogs has a path traversal vulnerability. Improper handling of symbolic links by the PutContents API could lead to remote code execution.
【CVE-2026-20805】Microsoft Windows Information Disclosure Vulnerability (CVSS v3.1: 5.5)
【Exploited by Ransomware: Unknown】 Microsoft Windows Desktop Windows Manager has an information disclosure vulnerability that allows an authorized attacker to disclose information on the local machine.
[Affected Platforms]
【CVE-2025-8110】Please refer to the official list of affected versions: https://github.com/gogs/gogs/pull/8078
【CVE-2026-20805】Please refer to the official list of affected versions: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805
[Recommended Actions]
【CVE-2025-8110】An official patch update has been released for this vulnerability. Please update to the relevant version: https://github.com/gogs/gogs/pull/8078
【CVE-2026-20805】An official patch update has been released for this vulnerability. Please update to the relevant version: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805
[Security Vulnerability Alert] Two known vulnerabilities exploited by hackers have been added to the KEV directory for ISA (2026/01/12-2026/01/18).
Type:行政公告
Pubish Date:2026/01/20 至 2026/07/20
Visitors:18
返回列表
