VYPR

forum software

by Monero Project

CVEs (1)

  • CVE-2025-34060CriJul 1, 2025
    risk 0.65cvss epss 0.01

    A PHP objection injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. The application passes a user-supplied link parameter directly to file_get_contents() without validation.…