CVE-2026-35447

NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page modules/Core/pages/profile.php processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to wri...

CVE-2026-40314

NamelessMC is website software for Minecraft servers. In version 2.2.4,core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...

CVE-2026-40571 NamelessMC: Reactions on private or blocking profile posts can be modified without proper authorization

NamelessMC is website software for Minecraft servers. In version 2.2.4, core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private...

EUVD-2026-33983

NamelessMC is website software for Minecraft servers. In version 2.2.4, core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private...

CVE-2026-40571

NamelessMC is website software for Minecraft servers. In version 2.2.4, core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private...

CVE-2026-40571

CVE-2026-40571 (NamelessMC) affects NamelessMC website software for Minecraft servers. In version 2.2.4, the file core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. As a result, authenticated low-privil...

CVE-2026-35447 NamelessMC: Private or blocking profile pages can be bypassed with direct POST requests, and reply handling allows cross-profile writes

NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page modules/Core/pages/profile.php processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to wri...

CVE-2026-35447

NamelessMC web software (Minecraft servers) is affected by CVE-2026-35447 in version 2.2.4. The flaw resides in the profile page (modules/Core/pages/profile.php), where wall post submissions and replies are processed before verifying the viewer’s authorization. This allows any user with the profi...

CVE-2026-35447 NamelessMC: Private or blocking profile pages can be bypassed with direct POST requests, and reply handling allows cross-profile writes

NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page modules/Core/pages/profile.php processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to wri...

EUVD-2026-33982

NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page modules/Core/pages/profile.php processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to wri...

CVE-2026-35447

NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page modules/Core/pages/profile.php processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to wri...

CVE-2026-40314

NamelessMC (Minecraft server website software) 2.2.4 is affected by an authorization issue where core/classes/Misc/ProfilePostReactionContext.php only verifies the wall post exists and fails to enforce blocked/private-profile visibility, while modules/Core/queries/reactions.php permits unauthenti...

CVE-2026-40314 NamelessMC: Reactions on private or blocking profile posts can be read and modified without proper authorization

NamelessMC is website software for Minecraft servers. In version 2.2.4,core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...

EUVD-2026-33976

NamelessMC is website software for Minecraft servers. In version 2.2.4,core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...

CVE-2026-40314

NamelessMC is website software for Minecraft servers. In version 2.2.4,core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...

CVE-2026-40314 NamelessMC: Reactions on private or blocking profile posts can be read and modified without proper authorization

NamelessMC is website software for Minecraft servers. In version 2.2.4,core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...

CVE-2026-33398 Authenticated users can read hidden forum posts through `/forum/get_quotes`

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/pages/forum/getquotes.php only checks whether the caller is logged in, then reads a post by attacker-controlled post ID and returns its content. The backend helper in modules/Forum/classes/Forum.php does not...

CVE-2026-33398

NamelessMC 2.2.4 is affected by an insecure access control in modules/Forum/pages/forum/get_quotes.php, which only checks that a caller is logged in and reads a post by an attacker-controlled post ID. The backend helper in modules/Forum/classes/Forum.php does not enforce forum or topic ACLs, allo...

PT-2026-45801

NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page modules/Core/pages/profile.php processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to wri...

PT-2026-45803

NamelessMC is website software for Minecraft servers. In version 2.2.4, core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private...