Vulnerabilities in namelessmc

20 results
CVE | Severity | Title | EPSS
CVE-2022-2821 | CRITICAL | Missing Critical Step in Authentication in namelessmc/nameless | 1.1%
CVE-2025-22144 | CRITICAL | Account Takeover in NamelessMC | 0.7%
CVE-2022-2820 | HIGH | Session Fixation in namelessmc/nameless | 0.6%
CVE-2025-29784 | HIGH | NamelessMC Has Lack of Length Validation for s Parameter in GET Requests | 0.5%
CVE-2025-30158 | HIGH | NamelessMC Forum iframe width/height abuse causing UI-based Denial of Service | 0.4%
CVE-2025-31118 | HIGH | NamelessMC Has Forum Reply Submission Time Limit Bypass | 0.4%
CVE-2025-32389 | HIGH | NamelessMC Vulnerable to SQL Injections in /user/messaging and /panel/users/reports Pages | 0.4%
CVE-2025-54118 | MEDIUM | NamelessMC allows sensitive information disclosure in member list component | 0.4%
CVE-2025-31120 | MEDIUM | NamelessMC Vulnerable to Cookie-Based View Count Manipulation | 0.4%
CVE-2025-30357 | HIGH | NamelessMC Forum Topic Deletion Triggered by Unrelated User Deletion | 0.4%
CVE-2025-54421 | HIGH | NamelessMC allows Stored Cross Site Scripting (XSS) in SEO component | 0.4%
CVE-2025-54117 | CRITICAL | NamelessMC allows Stored Cross-Site Scripting (XSS) in dashboard text editor | 0.4%
CVE-2026-40314 | MEDIUM | NamelessMC: Reactions on private or blocking profile posts can be read and modified without proper authorization | 0.3%
CVE-2025-22142 | MEDIUM | Cross-site Scripting in NamelessMC | 0.3%
CVE-2026-35447 | MEDIUM | NamelessMC: Private or blocking profile pages can be bypassed with direct POST requests, and reply handling allows cross-profile writes | 0.2%
CVE-2026-35443 | MEDIUM | NamelessMC: Forum reactions bypass the "view own topics only" restriction | 0.2%
CVE-2026-40571 | MEDIUM | NamelessMC: Reactions on private or blocking profile posts can be modified without proper authorization | 0.2%
CVE-2026-33398 | HIGH | Authenticated users can read hidden forum posts through `/forum/get_quotes` | 0.2%
CVE-2026-32250 | MEDIUM | NamelessMC has Reflected Cross-Site Scripting (XSS) in id parameter of /index.php?route=/queries/user/ | 0.2%
CVE-2026-34460 | MEDIUM | NamelessMC: OAuth callback `state` is not validated, allowing login CSRF / session swapping | 0.1%