Exploited Vulnerabilities Archives

Tech Optimizer

March 7, 2026

CVE-2026-3172 Impact, Exploitability, and Mitigation Steps

On February 25, 2026, a high-severity vulnerability affecting PostgreSQL and its extension, pgVector, was disclosed, with a CNA score of 8.1. The affected technologies are PostgreSQL and pgVector. There are currently no public or known exploits listed in the CISA Known Exploited Vulnerabilities (KEV) database, and the exploitation probability percentile is 14.5%. The vulnerability impacts specific packages and libraries, including pgvector and postgresql18-pgvector. Organizations are advised to monitor for updates and apply necessary patches.

Winsage

February 17, 2026

Microsoft Windows 11 KB5077181 Update Triggers Infinite Restart Loop on Some Devices

Microsoft's Patch Tuesday update, KB5077181, released on February 10, 2026, has caused significant boot failures for users of Windows 11 versions 24H2 (OS build 26200.7840) and 25H2 (OS build 26100.7840), resulting in endless restart loops. Users are reporting over 15 reboot cycles, preventing access to their desktops. Issues include System Event Notification Service (SENS) errors and DHCP problems affecting internet connectivity. Installation errors with codes 0x800f0983 and 0x800f0991 indicate potential hardware, driver, or servicing stack incompatibilities. The update was intended to address 58 vulnerabilities, including six zero-days, but the boot loop issue has overshadowed these enhancements. CVE IDs and their CVSS scores related to the vulnerabilities addressed include: - CVE-2026-21510: 7.5 - CVE-2026-21519: 7.8 - CVE-2026-21533: 8.8 - CVE-2026-20841: 7.1 As of February 15, 2026, there is no "known issues" entry in Microsoft's release notes despite user reports. Users can uninstall the update through the Control Panel if their systems are accessible, or use the Windows Recovery Environment to execute commands for uninstallation if their systems are unbootable.

Winsage

February 16, 2026

Windows 11 KB5077181 Security Update Causing Some Devices to Restart in an Infinite Loop

Microsoft's security update KB5077181, released on February 10, 2026, for Windows 11 versions 24H2 and 25H2, has caused critical boot failures, leading to infinite restart loops for users. The update addresses 58 vulnerabilities, including six zero-day exploits, and introduces new Secure Boot certificates. Users have reported errors such as “a specified procedure could not be found” and DHCP failures, with installation errors like 0x800f0983 and 0x800f0991 affecting specific hardware. To resolve issues, users are advised to uninstall the update and pause Windows Update. Accessing the Windows Recovery Environment may also be necessary for persistent boot loops. While some users experienced improvements, the overall instability highlights risks associated with updates. Microsoft has not acknowledged any known issues related to this update as of February 15.

Winsage

January 15, 2026

Windows info-disclosure 0-day bug gets a fix as CISA sounds alarm

Microsoft and the U.S. government have issued a warning about a vulnerability in Windows, designated CVE-2026-20805, which is currently being exploited. This flaw allows an authorized attacker to leak a memory address from a remote ALPC port, potentially leading to arbitrary code execution. It has a medium severity rating of 5.5 on the CVSS scale. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog and requires federal agencies to implement a patch by February 3. Additionally, two other vulnerabilities were acknowledged: CVE-2026-21265, a secure boot certificate expiration bypass with a CVSS rating of 6.4, and CVE-2023-31096, an elevation of privilege flaw affecting third-party Agere Modem drivers, rated at 7.8. Two more vulnerabilities, CVE-2026-20952 (CVSS 7.7) and CVE-2026-20953 (CVSS 7.4), are use-after-free flaws in Office that could allow unauthorized code execution.

Winsage

January 14, 2026

U.S. CISA adds a flaw in Microsoft Windows to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Microsoft Windows vulnerability, CVE-2026-20805, to its Known Exploited Vulnerabilities (KEV) catalog, with a CVSS score of 8.7. This vulnerability, part of the January 2026 Patch Tuesday updates, affects the Windows Desktop Window Manager and allows attackers to leak memory information, potentially aiding in further exploits. Federal Civilian Executive Branch agencies must address this vulnerability by February 3, 2026, as mandated by Binding Operational Directive 22-01.

Winsage

January 14, 2026

Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited

On Tuesday, Microsoft released its first security update for 2026, addressing 114 vulnerabilities, including eight classified as Critical and 106 as Important. The vulnerabilities include 58 related to privilege escalation, 22 concerning information disclosure, 21 linked to remote code execution, and five categorized as spoofing flaws. A notable vulnerability, CVE-2026-20805, involves information disclosure within the Desktop Window Manager (DWM) and has a CVSS score of 5.5. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to implement fixes by February 3, 2026. Additionally, Microsoft announced the expiration of three Windows Secure Boot certificates issued in 2011, effective June 2026, urging customers to transition to newer certificates to avoid disruptions. The update also removed vulnerable Agere Soft Modem drivers due to a local privilege escalation flaw (CVE-2023-31096) and addressed another critical privilege escalation flaw in Windows Virtualization-Based Security (CVE-2026-20876) with a CVSS score of 6.7. Other vendors, including Adobe, Amazon Web Services, and Cisco, have also released security patches for various vulnerabilities.

Winsage

December 20, 2025

Windows RemoteApp problems, ferry malware arrest, Senator’s open-source warning

Microsoft's December 2025 security update disrupts Message Queuing (MSMQ) on older Windows 10 and Server systems. A subsequent November 2025 update causes RemoteApp connection failures on Windows 11 24H2/25H2 and Windows Server 2025 devices, particularly in Azure Virtual Desktop environments, although Windows Home or Pro editions remain unaffected. French authorities arrested two crew members of an Italian ferry for allegedly installing malware that could allow remote control of the vessel; one suspect has been released while the other is in custody. Tom Cotton, Chairman of the Senate Intelligence Committee, has urged action on vulnerabilities in open-source software, citing concerns about foreign adversaries inserting malicious code. A zero-day exploit, CVE-2025-20393, affecting Cisco email security products has been exploited by Chinese hackers since late November. DXS International reported a cybersecurity incident involving unauthorized access to its internal servers, with an investigation ongoing. A report from Resecurity indicates a rise in the criminal use of DIG AI for generating tips for illegal activities. CISA warned of a critical vulnerability in ASUS Live Update software, which has been actively exploited. An automated campaign targeting multiple VPN platforms has been reported, with credential-based attacks observed on Palo Alto Networks GlobalProtect and Cisco SSL VPN.

Winsage

December 10, 2025

U.S. CISA adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog to include two critical vulnerabilities: 1. CVE-2025-6218 (CVSS score of 7.8) - RARLAB WinRAR Path Traversal Vulnerability, which allows attackers to execute arbitrary code by manipulating file paths within a malicious archive or webpage. 2. CVE-2025-62221 (CVSS score of 7.8) - Microsoft Windows Use After Free Vulnerability, which enables an authorized attacker to elevate their privileges locally to SYSTEM. Federal agencies are required to address these vulnerabilities by December 30, 2025, in accordance with Binding Operational Directive (BOD) 22-01.

Winsage

November 13, 2025

U.S. CISA adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog to include critical flaws in WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox. 1. WatchGuard Firebox Vulnerability (CVE-2025-9242): This vulnerability has a CVSS score of 9.3 and allows unauthenticated attackers to execute arbitrary code through an out-of-bounds write flaw. It affects Fireware OS versions 11.10.2 to 11.12.4_Update1, 12.0 to 12.11.3, and 2025.1. The vulnerability impacts the Mobile User VPN and Branch Office VPN configured with IKEv2. 2. Gladinet Triofox Vulnerability (CVE-2025-12480): This improper access control vulnerability allows threat actors to bypass authentication and upload remote access tools. It has been linked to threat cluster UNC6485 and is the third Triofox issue exploited this year, following CVE-2025-30406 and CVE-2025-11371. 3. Microsoft Windows Vulnerability (CVE-2025-62215): This race condition vulnerability has a CVSS score of 7 and allows an authorized attacker to elevate privileges locally, potentially gaining SYSTEM privileges. Federal agencies must address these vulnerabilities by December 3, 2025, as per Binding Operational Directive (BOD) 22-01. Private organizations are also advised to review the KEV catalog to strengthen their cybersecurity measures.

Winsage

October 31, 2025

Windows Server Update Service exploitation ensnares at least 50 victims

Over 50 organizations in the United States have been targeted in attacks exploiting a vulnerability in the Windows Server Update Service (WSUS), identified as CVE-2025-59287, related to the deserialization of untrusted data. Despite a security update from Microsoft in mid-October, an emergency out-of-band update was issued due to its inadequacy. Sophos recorded six incidents linked to this exploitation, with indications of broader impacts. The affected sectors include technology, education, manufacturing, and healthcare. The hacker group UNC6512 has been connected to these activities, conducting reconnaissance and exfiltrating sensitive data. Sophos detected malicious activity on October 24, following the release of the out-of-band patch. The Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog and urged security teams to apply necessary patches and check for signs of compromise.