[VULNERABILITY ALERT] ISA Adds 2 Known Exploited Vulnerabilities to KEV Catalog (2026/01/12-2026/01/18)

• Subject: [VULNERABILITY ALERT] ISA Adds 2 Known Exploited Vulnerabilities to KEV Catalog (2026/01/12-2026/01/18)

• Content Description:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202601-00000015
  • [CVE-2025-8110] Gogs Path Traversal Vulnerability (CVSS v3.1: 8.8)
  • [Ransomware Exploitation: Unknown] Gogs contains a path traversal vulnerability where the PutContents API improperly handles symbolic links, which could lead to remote code execution.
  • [CVE-2026-20805] Microsoft Windows Information Disclosure Vulnerability (CVSS v3.1: 5.5)
  • [Ransomware Exploitation: Unknown] Microsoft Windows Desktop Window Manager contains an information disclosure vulnerability that allows an authorized attacker to leak information locally.
• Affected Platforms:
  • [CVE-2025-8110] Please refer to the affected versions listed officially: https://github.com/gogs/gogs/pull/8078
  • [CVE-2026-20805] Please refer to the affected versions listed officially: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805
• Recommended Actions:
  • [CVE-2025-8110] Official security updates have been released. Please update to the relevant versions: https://github.com/gogs/gogs/pull/8078
  • [CVE-2026-20805] Official security updates have been released. Please update to the relevant versions: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805

Computer and Communication Center
Network Systems Division, Respectfully