NamelessMC — Vulnerabilities & Security Advisories 20

Browse all 20 CVE security advisories affecting NamelessMC. AI-powered Chinese analysis, POCs, and references for each vulnerability.

NamelessMC is a free, open-source Minecraft server management panel designed to simplify server administration through a web interface. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting (XSS) attacks, and privilege escalation flaws, contributing to its 13 CVE records. The platform's security has been compromised through improper input validation and insufficient access controls, with incidents often allowing attackers to execute arbitrary commands or gain unauthorized administrative access. Despite these vulnerabilities, its core functionality remains focused on providing server owners with tools for player management, plugin installation, and server configuration through an accessible web-based dashboard.

Top products by NamelessMC: Nameless, namelessmc/nameless

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-40571 | NamelessMC: Reactions on private or blocking profile posts can be modified without proper authorization | Nameless | CWE-862 | - | - | 2026-06-02 |
| CVE-2026-35447 | NamelessMC: Private or blocking profile pages can be bypassed with direct POST requests, and reply handling allows cross-profile writes | Nameless | CWE-201 | - | - | 2026-06-02 |
| CVE-2026-40314 | NamelessMC: Reactions on private or blocking profile posts can be read and modified without proper authorization | Nameless | CWE-862 | - | - | 2026-06-02 |
| CVE-2026-35443 | NamelessMC: Forum reactions bypass the "view own topics only" restriction | Nameless | CWE-862 | - | - | 2026-06-02 |
| CVE-2026-34460 | NamelessMC: OAuth callback `state` is not validated, allowing login CSRF / session swapping | Nameless | CWE-302 | 5.4 | Medium | 2026-06-02 |
| CVE-2026-33398 | Authenticated users can read hidden forum posts through `/forum/get_quotes` | Nameless | CWE-285 | - | - | 2026-06-02 |
| CVE-2026-32250 | NamelessMC has Reflected Cross-Site Scripting (XSS) in id parameter of /index.php?route=/queries/user/ | Nameless | CWE-79 | 4.3 | Medium | 2026-06-02 |
| CVE-2025-54117 | NamelessMC allows Stored Cross-Site Scripting (XSS) in dashboard text editor | Nameless | CWE-80 | 9.1 | Critical | 2025-08-18 |
| CVE-2025-54421 | NamelessMC allows Stored Cross Site Scripting (XSS) in SEO component | Nameless | CWE-79 | 7.2 | High | 2025-08-18 |
| CVE-2025-54118 | NamelessMC allows sensitive information disclosure in member list component | Nameless | CWE-200 | 5.3 | Medium | 2025-08-18 |
| CVE-2025-32389 | NamelessMC Vulnerable to SQL Injections in /user/messaging and /panel/users/reports Pages | Nameless | CWE-89 | 9.8 | - | 2025-04-18 |
| CVE-2025-31120 | NamelessMC Vulnerable to Cookie-Based View Count Manipulation | Nameless | CWE-565 | 5.3 | Medium | 2025-04-18 |
| CVE-2025-31118 | NamelessMC Has Forum Reply Submission Time Limit Bypass | Nameless | CWE-400 | 7.1 | High | 2025-04-18 |
| CVE-2025-30357 | NamelessMC Forum Topic Deletion Triggered by Unrelated User Deletion | Nameless | CWE-706 | 7.3 | High | 2025-04-18 |
| CVE-2025-30158 | NamelessMC Forum iframe width/height abuse causing UI-based Denial of Service | Nameless | CWE-400 | 7.1 | High | 2025-04-18 |
| CVE-2025-29784 | NamelessMC Has Lack of Length Validation for s Parameter in GET Requests | Nameless | CWE-130 | 7.5 | High | 2025-04-18 |
| CVE-2025-22142 | Cross-site Scripting in NamelessMC | Nameless | CWE-79 | 6.1 | - | 2025-01-13 |
| CVE-2025-22144 | Account Takeover in NamelessMC | Nameless | CWE-610 | 8.1 | - | 2025-01-13 |
| CVE-2022-2820 | Session Fixation in namelessmc/nameless | namelessmc/nameless | CWE-384 | 7.0 | High | 2022-08-15 |
| CVE-2022-2821 | Missing Critical Step in Authentication in namelessmc/nameless | namelessmc/nameless | CWE-304 | 7.5 | - | 2022-08-15 |

This page lists every published CVE security advisory associated with NamelessMC. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.