EUVD-2026-34010

Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broke...

SkyFire_548 security vulnerability

SkyFire548 is a game server open source project under Project SkyFire. Versions of SkyFire548 prior to 5.4.8-stable5 contained security vulnerabilities, which were caused by improper pointer operations...

Minecraft-Rcon-Manage security vulnerability

Minecraft-Rcon-Manage is a game server framework developed by MemoryCache’s individual developers. Versions of Minecraft-Rcon-Manage prior to version 3 contained security vulnerabilities, which stemmed from improper control over code generation, potentially leading to code injection attacks...

CVE-2024-34067

Pterodactyl is a free, open-source game server management panel built with PHP, React, and Go. Importing a malicious egg or gaining access to wings instance could lead to cross site scripting XSS on the panel, which could be used to gain an administrator account on the panel. Specifically, the...

Exploit for CVE-2025-49132

CVE-2025-49132 CVE-2025-49132 is a critical arbitrary code exe...

MAL-2025-48759 Malicious code in sample-game-server (npm)

The package sample-game-server was found to contain malicious code...

Malicious code in sample-game-server (npm)

The package sample-game-server was found to contain malicious code...

EUVD-2004-1533

Malware in sbrugna...

EUVD-2007-4514

Malware in sbrugna...

EUVD-2021-2407

Malware in sbrugna...

EUVD-2007-4515

Malware in sbrugna...

EUVD-2007-5244

Malware in sbrugna...

EUVD-2009-3047

Malware in sbrugna...

EUVD-2021-2222

Malware in sbrugna...

EUVD-2010-0487

Malware in sbrugna...

EUVD-2005-0431

Malware in sbrugna...

EUVD-2024-3584

Malicious code in bioql PyPI...

EUVD-2024-1381

Malicious code in bioql PyPI...

CVE-2024-56361

LGSL Live Game Server List provides online status for games. Before 7.0.0, a stored cross-site scripting XSS vulnerability was identified in lgsl. The function lgslquery40 in lgslprotocol.php has implemented an HTTP crawler. This function makes a request to the registered game server, and upon...

CVE-2021-24662

The Game Server Status WordPress plugin through 1.0 does not validate or escape the serverid parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page...