VYPR
Vendor

Namelessmc

Products: 1
CVEs: 20
Across products: 20
Status: Private


Recent CVEs (20)
  • CVE-2026-33398 | High | Jun 2, 2026
    risk 0.46 | cvss | epss 0.00

    NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/pages/forum/get_quotes.php` only checks whether the caller is logged in, then reads a post by attacker-controlled `post` ID and returns its content. The backend helper in…

  • CVE-2026-40314 | Medium | Jun 2, 2026
    risk 0.45 | cvss | epss 0.00

    NamelessMC is website software for Minecraft servers. In version 2.2.4, `core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does not enforce blocked/private-profile visibility. `modules/Core/queries/reactions.php` allows unauthenticated…

  • CVE-2026-34460 | Medium | Jun 2, 2026
    risk 0.35 | cvss 5.4 | epss 0.00

    NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging the authorization code. This allows an attacker to capture a valid OAuth callback URL for their own…

  • CVE-2026-40571 | Medium | Jun 2, 2026
    risk 0.34 | cvss | epss 0.00

    NamelessMC is website software for Minecraft servers. In version 2.2.4, `core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add…

  • CVE-2026-35447 | Medium | Jun 2, 2026
    risk 0.34 | cvss | epss 0.00

    NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page (modules/Core/pages/profile.php) processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the…

  • CVE-2026-35443 | Medium | Jun 2, 2026
    risk 0.34 | cvss | epss 0.00

    NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/classes/ForumPostReactionContext.php` only verifies that the caller can view the forum, but it does not re-enforce topic-level `view_other_topics` authorization. As a result, in forums where…

  • CVE-2026-32250 | Medium | Jun 2, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    NamelessMC is website software for Minecraft servers. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in version 2.2.4 in the id parameter of the endpoint `/index.php?route=/queries/user/`. The application reflects user-supplied input from the id parameter…

  • CVE-2025-54117 | Aug 18, 2025
    risk 0.00 | cvss | epss 0.00

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the dashboard text editor component. This…

  • CVE-2025-54421 | Aug 18, 2025
    risk 0.00 | cvss | epss 0.00

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.4 allows remote authenticated attackers to inject arbitrary web script or HTML via the default_keywords crafted parameter. This…

  • CVE-2025-54118 | Aug 18, 2025
    risk 0.00 | cvss | epss 0.00

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Sensitive information disclosure in NamelessMC before 2.2.4 allows an unauthenticated remote attacker to gain sensitive information such as the absolute path of the source code via the list parameter. This…

  • CVE-2025-32389 | Apr 18, 2025
    risk 0.00 | cvss | epss 0.00

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure…

  • CVE-2025-31120 | Apr 18, 2025
    risk 0.00 | cvss | epss 0.00

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, an insecure view count mechanism in the forum page allows an unauthenticated attacker to artificially increase the view count. The application relies on a client-side…

  • CVE-2025-31118 | Apr 18, 2025
    risk 0.00 | cvss | epss 0.00

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, forum quick reply feature (view_topic.php) does not implement any spam prevention mechanism. This allows authenticated users to continuously post replies without any…

  • CVE-2025-30357 | Apr 18, 2025
    risk 0.00 | cvss | epss 0.00

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the malicious account. Once…

  • CVE-2025-30158 | Apr 18, 2025
    risk 0.00 | cvss | epss 0.00

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum allows users to post iframe elements inside forum topics/comments/feed with no restriction on the iframe's width and height attributes. This allows an…

  • CVE-2025-29784 | Apr 18, 2025
    risk 0.00 | cvss | epss 0.01

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search queries. This oversight…

  • CVE-2025-22142 | Jan 13, 2025
    risk 0.00 | cvss | epss 0.00

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a staffer visits the user's…

  • CVE-2025-22144 | Jan 13, 2025
    risk 0.00 | cvss | epss 0.01

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved by email the reset code…

  • CVE-2022-2820 | Aug 15, 2022
    risk 0.00 | cvss | epss 0.01

    Session Fixation in GitHub repository namelessmc/nameless prior to v2.0.2.

  • CVE-2022-2821 | Aug 15, 2022
    risk 0.00 | cvss | epss 0.01

    Missing Critical Step in Authentication in GitHub repository namelessmc/nameless prior to v2.0.2.