Mono CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2007-5473	2 Microsoft, Mono	2 Windows, Mono	2025-04-09	N/A
StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.
CVE-2005-0509	2 Microsoft, Mono	2 .net Framework, Mono	2025-04-03	N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".
CVE-2023-35373	1 Microsoft	1 Mono	2025-01-01	5.3 Medium
Mono Authenticode Validation Spoofing Vulnerability
CVE-2021-24112	1 Microsoft	4 .net, .net Core, Mono and 1 more	2024-11-21	8.1 High
.NET Core Remote Code Execution Vulnerability
CVE-2019-0757	4 Apple, Microsoft, Mono-project and 1 more	11 Macos, .net Core, .net Core Sdk and 8 more	2024-11-21	6.5 Medium
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.

Page 1 of 1.