Known Vulnerabilities for products from Mono
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Mono".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40614 json | Not Provided | 2026-04-21 | 2026-04-22 | |
| CVE-2026-34760 json | Not Provided | 2026-04-02 | 2026-04-03 | |
| CVE-2026-5557 json | Not Provided | 2026-04-05 | 2026-04-06 | |
| CVE-2026-5556 json | Not Provided | 2026-04-05 | 2026-04-06 | |
| CVE-2026-5533 json | Not Provided | 2026-04-05 | 2026-04-06 | |
| CVE-2020-12473 json | MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ... | 7.2 - HIGH | 2020-04-29 | 2021-07-21 |
| CVE-2020-12472 json | MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description. | 5.4 - MEDIUM | 2020-04-29 | 2020-05-04 |
| CVE-2020-12471 json | MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.... | 9.8 - CRITICAL | 2020-04-29 | 2020-05-04 |
| CVE-2020-12470 json | MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template. | 7.2 - HIGH | 2020-04-29 | 2020-05-04 |
| CVE-2012-3382 json | Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandl... | 4.3 - MEDIUM | 2012-07-12 | 2013-04-05 |
| CVE-2011-0992 json | Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers t... | 5.8 - MEDIUM | 2011-04-13 | 2017-08-17 |
| CVE-2011-0991 json | Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers t... | 6.8 - MEDIUM | 2011-04-13 | 2017-08-17 |
| CVE-2011-0990 json | Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2... | 5.8 - MEDIUM | 2011-04-13 | 2017-08-17 |
| CVE-2011-0989 json | The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 i... | 5.8 - MEDIUM | 2011-04-13 | 2017-08-17 |
| CVE-2010-4254 json | Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic metho... | 7.5 - HIGH | 2010-12-06 | 2011-02-02 |
| CVE-2010-4225 json | Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the sou... | 5 - MEDIUM | 2011-01-11 | 2017-08-17 |
| CVE-2010-4159 json | Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a ... | 6.9 - MEDIUM | 2010-11-17 | 2010-12-09 |
| CVE-2010-1459 json | The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which all... | 4.3 - MEDIUM | 2010-05-27 | 2010-09-09 |
| CVE-2008-3906 json | CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and ... | Not Provided | 2008-09-04 | 2026-04-23 |
| CVE-2008-3422 json | Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attac... | Not Provided | 2008-07-31 | 2026-04-23 |