Lucene search
+L

356 matches found

Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-55010 Minecraft Bedrock Dedicated Server Remote Code Execution Vulnerability

...

9.8CVSS0.00756EPSS
Exploits0References1
CVE
CVE
added 5 days ago16 views

CVE-2026-55010

CVE-2026-55010 is a heap-based buffer overflow in the Minecraft Bedrock Dedicated Server that could allow an unauthorized attacker to execute code over a network. A CIRCL sighting indicates exploitation in the wild; the provided documents do not specify a patch or version to remediate.

9.8CVSS6.3AI score0.00756EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 5 days ago7 views

Minecraft Bedrock Dedicated Server Remote Code Execution Vulnerability

Heap-based buffer overflow in Minecraft Bedrock Dedicated Server allows an unauthorized attacker to execute code over a network...

9.8CVSS6.3AI score0.00756EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago9 views

Malicious code in permcserver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf9fcdfd2e40ddb8c0aef4fa0fb93f2d0bcf3b0c00104057076f8013a70812d6 The package's main index.js is a 10-line FFI shim that spawns a worker, dlopens the bundled lib-linux.so via koffi, and immediately invokes the nativ...

6.3AI score
Exploits0References4
NVD
NVD
added 2026/07/07 12:16 a.m.9 views

CVE-2024-56141

Minosoft is an open-source, multi-version Minecraft Java Edition client written in Kotlin. Starting in commit f1ae30e2b046a490026a8413b075685deb795122, the CryptManager encryption routine CryptManager.kt initializes its AES cipher using an initialization vector IV that is set equal to the secret...

5CVSS0.00111EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 11:17 p.m.16 views

CVE-2024-56141

Minosoft’s open-source Minecraft Java Edition client (Kotlin) uses AES with an IV equal to the secret key in CryptManager.kt since commit f1ae30e2. The non-random IV makes encryption vulnerable to chosen-ciphertext/plaintext attacks, enabling an attacker who can request specific encryptions to re...

5CVSS6AI score0.00111EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/06 11:17 p.m.32 views

CVE-2024-56141 Minosoft has IV equal to key

Minosoft is an open-source, multi-version Minecraft Java Edition client written in Kotlin. Starting in commit f1ae30e2b046a490026a8413b075685deb795122, the CryptManager encryption routine CryptManager.kt initializes its AES cipher using an initialization vector IV that is set equal to the secret...

5CVSS0.00111EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.7 views

PT-2026-56040

Name of the Vulnerable Software and Affected Versions Minosoft affected versions supporting Minecraft protocol 1.7 and later Description The CryptManager encryption routine in CryptManager.kt initializes its AES cipher using an initialization vector IV that is set equal to the secret key instead ...

5CVSS6.1AI score0.00111EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.11 views

CVE-2026-35443

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/classes/ForumPostReactionContext.php only verifies that the caller can view the forum, but it does not re-enforce topic-level viewothertopics authorization. As a result, in forums where users may enter the forum...

5.3CVSS5.4AI score0.00235EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/06/03 6:16 a.m.23 views

Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content

Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims' systems. The Minecraft-focused malware-as-a-service MaaS campaign has been codenamed Weedhack by McAfee Labs, stating the activity has been active...

6.1AI score
Exploits0
EUVD
EUVD
added 2026/06/02 4:44 p.m.12 views

EUVD-2026-33983

NamelessMC is website software for Minecraft servers. In version 2.2.4, core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private...

5.3CVSS5.8AI score0.00235EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 4:8 p.m.14 views

EUVD-2026-33976

NamelessMC is website software for Minecraft servers. In version 2.2.4,core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...

6.9CVSS5.8AI score0.00272EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 3:29 p.m.11 views

EUVD-2026-33960

NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging the authorization code. This allows an attacker to capture a valid OAuth callback URL for their own account and cause ...

5.4CVSS5.8AI score0.00114EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.15 views

PT-2026-45856

Name of the Vulnerable Software and Affected Versions CloudburstMC Protocol versions prior to 3.0.0.Beta12-20260420.182526-15 Description CloudburstMC Protocol, a protocol library for Minecraft Bedrock Edition, contains a flaw where validation for FULL type authentication tokens is partially...

5.3CVSS5.8AI score0.0014EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/05/19 2:12 a.m.120 views

MC-271325-PoC

Status trailing-byte log amplification MC-271325 Unauthenti...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/19 2:12 a.m.96 views

MC-271325-DoS-PoC

Log amplification based denial for service for vanilla Minecra...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/13 8:29 p.m.154 views

Rcon-Bruteforce

RCON Scanner & Exploitation Toolkit ⚠️ EDUCATIONAL PURPOSE...

10CVSS7.9AI score0.99999EPSS
Exploits355
NVD
NVD
added 2026/05/11 10:22 p.m.25 views

CVE-2026-42188

Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery SSRF vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an...

2.4CVSS0.00158EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 9:25 p.m.17 views

CVE-2026-42188

Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery SSRF vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an...

2.4CVSS5.9AI score0.00158EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.14 views

Geyser 代码问题漏洞

Geyser is a cross-platform game version bridging proxy tool developed by GeyserMC. Versions of Geyser prior to 2.9.3 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgeing when processing texture data for players’ heads in Minecraft. This allowed attackers...

2.4CVSS6AI score0.00158EPSS
Exploits0References2
Rows per page
Query Builder