347 matches found
MAL-2025-26406 Malicious code in minecraft-codes658 (npm)
The package minecraft-codes658 was found to contain malicious code...
MAL-2025-26403 Malicious code in minecraft-codes130 (npm)
The package minecraft-codes130 was found to contain malicious code...
MAL-2025-26404 Malicious code in minecraft-codes364 (npm)
The package minecraft-codes364 was found to contain malicious code...
MAL-2025-26405 Malicious code in minecraft-codes408 (npm)
The package minecraft-codes408 was found to contain malicious code...
MAL-2025-26407 Malicious code in minecraft-codes767 (npm)
The package minecraft-codes767 was found to contain malicious code...
Fake Minecraft Installer Spreads NjRat Spyware to Steal Data
Fake Minecraft clone Eaglercraft 1.12 Offline spreads NjRat spyware stealing passwords, spying via webcam and microphone, warns Point…...
CVE-2025-54120 PCL Community Edition exposes login credentials in logs
PCL Plain Craft Launcher Community Edition is a Minecraft launcher. In PCL CE versions 2.12.0-beta.5 to 2.12.0-beta.9, the login credentials used during the third-party login process are accidentally recorded in the local log file. Although the log file is not automatically uploaded or shared, if...
CVE-2025-54120 PCL Community Edition exposes login credentials in logs
PCL Plain Craft Launcher Community Edition is a Minecraft launcher. In PCL CE versions 2.12.0-beta.5 to 2.12.0-beta.9, the login credentials used during the third-party login process are accidentally recorded in the local log file. Although the log file is not automatically uploaded or shared, if...
Fake Minecraft Mods on GitHub Found Stealing Player Data
Malware hidden in fake Minecraft Mods on GitHub is stealing passwords and crypto from players. Over 1,500 devices may be affected, researchers warn...
1,500+ Minecraft Players Infected by Java Malware Masquerading as Game Mods on GitHub
A new multi-stage malware campaign is targeting Minecraft users with a Java-based malware that employs a distribution-as-service DaaS offering called Stargazers Ghost Network. "The campaigns resulted in a multi-stage attack chain targeting Minecraft users specifically," Check Point researchers...
Maximize Your Minecraft: Optimal PC Setup and Server Hosting Essentials
Among all ages, Minecraft still rules the gaming scene as a preferred choice. The game provides a broad…...
CVE-2024-42698
Roughly Enough Items REI v.16.0.729 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index and decrement stack count in the Roughly Enough Items REI mod for Minecraft, which allows in-game...
CVE-2023-37262
CC: Tweaked is a mod for Minecraft which adds programmable computers, turtles, and more to the game. Prior to versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3, if the cc-tweaked plugin is running on a Minecraft server hosted on a popular cloud hosting...
CVE-2023-33245
Minecraft through 1.19 and 1.20 pre-releases before 7 Java allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink...
CVE-2023-30859
Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to...
CVE-2021-35054
Minecraft before 1.17.1, when online-mode=false is configured, allows path traversal for deletion of arbitrary JSON files...
CVE-2021-43819
Stargate-Bukkit is a mod for the minecraft video game which adds a portal focused environment. In affected versions Minecarts with chests will drop their items when teleporting through a portal; when they reappear, they will still have their items impacting the integrity of the game world. The...
CVE-2025-27107
Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Minecraft users who use Integrated Scripting prior to versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 may be vulnerable to arbitrary code execution. By using Java...
CVE-2025-27107
Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Minecraft users who use Integrated Scripting prior to versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 may be vulnerable to arbitrary code execution. By using Java...
CVE-2025-27107 Integrated Scripting vulnerable to arbitrary code execution via Java reflection
Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Minecraft users who use Integrated Scripting prior to versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 may be vulnerable to arbitrary code execution. By using Java...