CVE-2026-40571
- EPSS 0.24%
- Published 02.06.2026 16:44:14
- Last modified 03.06.2026 14:16:43
NamelessMC is website software for Minecraft servers. In version 2.2.4, `core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated ...
CVE-2026-35447
- EPSS 0.24%
- Published 02.06.2026 16:41:14
- Last modified 02.06.2026 20:16:35
NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page (modules/Core/pages/profile.php) processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows...
CVE-2026-40314
- EPSS 0.27%
- Published 02.06.2026 16:08:21
- Last modified 02.06.2026 20:16:35
NamelessMC is website software for Minecraft servers. In version 2.2.4, `core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does not enforce blocked/private-profile visibility. `modules/Core/queries/reactions...
CVE-2026-35443
- EPSS 0.24%
- Published 02.06.2026 15:50:06
- Last modified 02.06.2026 20:16:35
NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/classes/ForumPostReactionContext.php` only verifies that the caller can view the forum, but it does not re-enforce topic-level `view_other_topics` authorization. A...
CVE-2026-34460
- EPSS 0.11%
- Published 02.06.2026 15:29:14
- Last modified 02.06.2026 20:16:34
NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging the authorization code. This allows an attacker to capture a valid OAut...
CVE-2026-33398
- EPSS 0.23%
- Published 02.06.2026 15:19:29
- Last modified 02.06.2026 17:16:28
NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/pages/forum/get_quotes.php` only checks whether the caller is logged in, then reads a post by attacker-controlled `post` ID and returns its content. The backend he...
CVE-2026-32250
- EPSS 0.19%
- Published 02.06.2026 13:37:13
- Last modified 02.06.2026 16:16:35
NamelessMC is website software for Minecraft servers. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in version 2.2.4 in the id parameter of the endpoint `/index.php?route=/queries/user/`. The application reflects user-supplied i...
CVE-2025-54117
- EPSS 0.35%
- Published 18.08.2025 16:15:29
- Last modified 20.08.2025 21:23:49
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the dashboard te...
CVE-2025-54421
- EPSS 0.37%
- Published 18.08.2025 16:15:29
- Last modified 20.08.2025 21:23:41
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.4 allows remote authenticated attackers to inject arbitrary web script or HTML via the default_keyw...
CVE-2025-54118
- EPSS 0.4%
- Published 18.08.2025 16:15:29
- Last modified 20.08.2025 21:23:34
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Sensitive information disclosure in NamelessMC before 2.2.4 allows an unauthenticated remote attacker to gain sensitive information such as the absolute path of the source ...