MC-271325-DoS-PoC
Log amplification based denial of service for vanilla Minecra...
Rcon-Bruteforce
RCON Scanner & Exploitation Toolkit ⚠️ EDUCATIONAL PURPOSE...
bareiron Security Vulnerability
Bareiron is a Minecraft game server developed by individual developer P2R3. Bareiron has a security vulnerability that stems from an arbitrary memory write condition, potentially allowing unauthenticated attackers to execute arbitrary code...
bareiron Security Vulnerability
Bareiron is a Minecraft game server developed by individual developer P2R3. Bareiron has a security vulnerability that stems from excessive memory access. This vulnerability could allow unauthenticated attackers to access sensitive information or cause denial-of-service attacks...
bareiron Security Vulnerability
Bareiron is a Minecraft game server developed by individual developer P2R3. Bareiron has a security vulnerability that stems from a buffer overflow. This vulnerability could allow unauthenticated remote attackers to trigger a denial-of-service attack by sending data packets...
Crafty Controller Cross-Site Scripting Vulnerability
Crafty Controller is a Minecraft server control panel/launcher for Arcadia. A cross-site scripting vulnerability exists in Crafty Controller that stems from improper neutralization of inputs to the Server MOTD component, which could lead to a stored cross-site scripting attack by modifying the...
Crafty Controller Security Vulnerability
Crafty Controller is a Minecraft server control panel/launcher for Arcadia. A security vulnerability exists in Crafty Controller that stems from improper input neutralization of the Webhook Template component, which could lead to remote code execution via server-side template injection...
minecraft-server-exploit-finder
minecraft-server-exp...
CVE-2025-61680 Minecraft RCON Terminal: Plain Text Password Storage in Configuration
Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 store passwords using VS Code's configuration API, which writes to settings.json in plaintext. This issue is fixed in version 2.1.0...
EUVD-2024-3108
Malicious code in bioql PyPI...
CVE-2023-30859
Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to...
CVE-2025-27107
Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Minecraft users who use Integrated Scripting prior to versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 may be vulnerable to arbitrary code execution. By using Java...
CVE-2025-27107 Integrated Scripting vulnerable to arbitrary code execution via Java reflection
Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Minecraft users who use Integrated Scripting prior to versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 may be vulnerable to arbitrary code execution. By using Java...
Denial Of Service (DoS)
pocketmine/pocketmine-mp is vulnerable to a Denial of Service (DoS). The vulnerability exists due to the lack of default limits in the explode function, allowing malicious clients to abuse packets and exhaust server resources...
CVE-2022-39221
McWebserver mod runs a simple HTTP server alongside the Minecraft server in separate threads. Path traversal in McWebserver Minecraft Mod for Fabric and Quilt up to and including 0.1.2.1 and McWebserver Minecraft Mod for Forge up to and including 0.1.1 allows all files, accessible by the program,...
Cross-Site Scripting (XSS)
dev-lancer/minecraft-motd-parser is vulnerable to cross-site scripting (XSS). The vulnerability is due to the lack of proper input validation and sanitization in the HtmlGenerator class, allowing attackers to inject malicious HTML into a web page through a malformed Minecraft server MOTD...
CVE-2024-47765
The CVE-2024-47765 entry describes an XSS vulnerability in the Minecraft MOTD Parser’s HtmlGenerator. The HtmlGenerator builds HTML from MotdItem/MotdItemCollection objects without escaping the color and text inputs, enabling injection of malicious HTML through a crafted MOTD. This affects the Ht...
CVE-2024-47765 Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS
Minecraft MOTD Parser is a PHP library to parse Minecraft server MOTDs. The HtmlGenerator class is subject to a potential cross-site scripting (XSS) attack through a parsed malformed Minecraft server MOTD. The HtmlGenerator iterates through objects of MotdItem that are contained in an object of...
Crafty Controller Security Vulnerability
Crafty Controller is a Minecraft server control panel/launcher. A security vulnerability exists in Crafty Controller that stems from the presence of a host header injection vulnerability that allows an unauthenticated, remote attacker to trigger a denial of service (DoS) via a modified host header...
Minecraft Server: Remote Code Execution
Background: Minecraft Server is the official server for the sandbox video game. Description: A vulnerability has been discovered in Minecraft Server. Please review the CVE identifier referenced below for details. Impact: Vulnerable Minecraft Server versions include a bundled version of log4j which i...