Lucene search
K

351 matches found

NVD
NVD
added 2026/07/07 12:16 a.m.8 views

CVE-2024-56141

Minosoft is an open-source, multi-version Minecraft Java Edition client written in Kotlin. Starting in commit f1ae30e2b046a490026a8413b075685deb795122, the CryptManager encryption routine CryptManager.kt initializes its AES cipher using an initialization vector IV that is set equal to the secret...

5CVSS0.00111EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/06 11:17 p.m.31 views

CVE-2024-56141 Minosoft has IV equal to key

Minosoft is an open-source, multi-version Minecraft Java Edition client written in Kotlin. Starting in commit f1ae30e2b046a490026a8413b075685deb795122, the CryptManager encryption routine CryptManager.kt initializes its AES cipher using an initialization vector IV that is set equal to the secret...

5CVSS0.00111EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 11:17 p.m.15 views

CVE-2024-56141

Minosoft’s open-source Minecraft Java Edition client (Kotlin) uses AES with an IV equal to the secret key in CryptManager.kt since commit f1ae30e2. The non-random IV makes encryption vulnerable to chosen-ciphertext/plaintext attacks, enabling an attacker who can request specific encryptions to re...

5CVSS6AI score0.00111EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.6 views

PT-2026-56040

Name of the Vulnerable Software and Affected Versions Minosoft affected versions supporting Minecraft protocol 1.7 and later Description The CryptManager encryption routine in CryptManager.kt initializes its AES cipher using an initialization vector IV that is set equal to the secret key instead ...

5CVSS6.1AI score0.00111EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.9 views

CVE-2026-35443

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/classes/ForumPostReactionContext.php only verifies that the caller can view the forum, but it does not re-enforce topic-level viewothertopics authorization. As a result, in forums where users may enter the forum...

5.3CVSS5.4AI score0.00235EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/06/03 6:16 a.m.22 views

Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content

Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims' systems. The Minecraft-focused malware-as-a-service MaaS campaign has been codenamed Weedhack by McAfee Labs, stating the activity has been active...

6.1AI score
Exploits0
EUVD
EUVD
added 2026/06/02 4:44 p.m.12 views

EUVD-2026-33983

NamelessMC is website software for Minecraft servers. In version 2.2.4, core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private...

5.3CVSS5.8AI score0.00235EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 4:8 p.m.14 views

EUVD-2026-33976

NamelessMC is website software for Minecraft servers. In version 2.2.4,core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...

6.9CVSS5.8AI score0.00272EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 3:29 p.m.11 views

EUVD-2026-33960

NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging the authorization code. This allows an attacker to capture a valid OAuth callback URL for their own account and cause ...

5.4CVSS5.8AI score0.00114EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.15 views

PT-2026-45856

Name of the Vulnerable Software and Affected Versions CloudburstMC Protocol versions prior to 3.0.0.Beta12-20260420.182526-15 Description CloudburstMC Protocol, a protocol library for Minecraft Bedrock Edition, contains a flaw where validation for FULL type authentication tokens is partially...

5.3CVSS5.8AI score0.0014EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/05/19 2:12 a.m.113 views

MC-271325-PoC

Status trailing-byte log amplification MC-271325 Unauthenti...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/19 2:12 a.m.87 views

MC-271325-DoS-PoC

Log amplification based denial for service for vanilla Minecra...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/13 8:29 p.m.147 views

Rcon-Bruteforce

RCON Scanner & Exploitation Toolkit ⚠️ EDUCATIONAL PURPOSE...

10CVSS7.9AI score0.99999EPSS
Exploits352
NVD
NVD
added 2026/05/11 10:22 p.m.25 views

CVE-2026-42188

Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery SSRF vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an...

2.4CVSS0.00158EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 9:25 p.m.15 views

CVE-2026-42188

Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery SSRF vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an...

2.4CVSS5.9AI score0.00158EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.14 views

Geyser 代码问题漏洞

Geyser is a cross-platform game version bridging proxy tool developed by GeyserMC. Versions of Geyser prior to 2.9.3 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgeing when processing texture data for players’ heads in Minecraft. This allowed attackers...

2.4CVSS6AI score0.00158EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/04/28 5:39 p.m.14 views

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer called LofyStealer aka GrabBot. "The malware disguises itself as a Minecraft hack called 'Slinky,'" Brazil-based cybersecurity company Zeno...

6.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/16 10:5 a.m.8 views

Malicious code in minecraft_image_to_blocks (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2964fa21dbcfc8cb5ea71c00e80f65d7fd7ed1e9989d6be254456e6ef9b08e3 The package minecraftimagetoblocks was found to contain malicious code...

5.7AI score
Exploits0
EUVD
EUVD
added 2026/04/12 1:30 a.m.6 views

EUVD-2026-21694

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack...

5.3CVSS5.3AI score0.00224EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.8 views

bareiron 安全漏洞

Bareiron is a Minecraft game server developed by the P2R3 individual developer. Bareiron has a security vulnerability, which stems from excessive memory access. This vulnerability could allow unverified attackers to access sensitive information or cause denial-of-service attacks...

9.1CVSS5.8AI score0.00347EPSS
Exploits0References2
Rows per page
Query Builder