VYPR
Vendor

Monero Project

Products
2
CVEs
3
Across products
3
Status
Private

Products

2

Recent CVEs

3
  • CVE-2025-34060CriJul 1, 2025
    risk 0.65cvss epss 0.01

    A PHP objection injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. The application passes a user-supplied link parameter directly to file_get_contents() without validation.…

  • CVE-2025-26819HigFeb 15, 2025
    risk 0.00cvss 8.6epss 0.01

    Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections.

  • CVE-2020-26947HigOct 10, 2020
    risk 0.00cvss 7.8epss 0.00

    monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory.