Skip to main content

Monero

4 CVEs product

Monthly

CVE-2025-26819 HIGH PATCH This Week

Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Monero
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2020-26947 HIGH PATCH This Week

monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Monero
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-6861 MEDIUM POC This Month

A flawed protocol design in the Ledger Monero app before 1.5.1 for Ledger Nano and Ledger S devices allows a local attacker to extract the master spending key by sending crafted messages to this app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Monero
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2018-3972 CRITICAL POC Act Now

An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Monero
NVD
CVSS 3.1
9.8
EPSS
3.7%
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Monero
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Monero
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A flawed protocol design in the Ledger Monero app before 1.5.1 for Ledger Nano and Ledger S devices allows a local attacker to extract the master spending key by sending crafted messages to this app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Monero
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Monero
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy