Vendor
Monero Project
Products
2
CVEs
3
Across products
3
Status
Private
Products
2- 2 CVEs
- 1 CVE
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-34060 | Cri | 0.65 | — | 0.01 | Jul 1, 2025 | A PHP objection injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. The application passes a user-supplied link parameter directly to file_get_contents() without validation.… | ||
| CVE-2025-26819 | Hig | 0.00 | 8.6 | 0.01 | Feb 15, 2025 | Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections. | ||
| CVE-2020-26947 | Hig | 0.00 | 7.8 | 0.00 | Oct 10, 2020 | monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory. |
- risk 0.65cvss —epss 0.01
A PHP objection injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. The application passes a user-supplied link parameter directly to file_get_contents() without validation.…
- risk 0.00cvss 8.6epss 0.01
Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections.
- risk 0.00cvss 7.8epss 0.00
monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory.