CVE-2025-54117 – NamelessMC Cross-Site Scripting (XSS) Vulnerability

August 18, 2025

CVE ID : CVE-2025-54117

Published : Aug. 18, 2025, 4:15 p.m. | 9 hours, 47 minutes ago

Description : NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the dashboard text editor component. This vulnerability is fixed in 2.2.4.

Severity: 9.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-55201 – “Apache Airflow Copier Library and CLI App File Access Vulnerability”

Next Article CVE-2025-36120 – IBM Storage Virtualize SSH Privilege Escalation Vulnerability

Highlights

CVE-2025-4259 – Newbee-Mall Unrestricted File Upload Vulnerability

May 4, 2025

CVE ID : CVE-2025-4259

Published : May 5, 2025, 3:15 a.m. | 17 minutes ago

Description : A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the function Upload of the file ltd/newbee/mall/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

Your smart home device just got a performance and security boost for free

Ultrahuman brings advanced cycle and ovulation tracking to its smart ring

DistroWatch Weekly, Issue 1135

14 secret phone codes that unlock hidden features on your Android and iPhone

Air Quality Prediction System using Python ML

Air Quality Prediction System using Python ML

AI’s Hidden Thirst: The Water Behind Tech

Minesweeper game in 100 lines of pure JavaScript – easy tutorial

DistroWatch Weekly, Issue 1135

DistroWatch Weekly, Issue 1135

Ubuntu’s New “Dangerous” Daily Builds – What Are They?

gofmt – formats Go programs

CVE-2025-54117 – NamelessMC Cross-Site Scripting (XSS) Vulnerability

CVE-2025-6625 – Cisco FTP Denial Of Service

CVE-2025-36120 – IBM Storage Virtualize SSH Privilege Escalation Vulnerability

How To Fix Forced Reflows And Layout Thrashing

Revisiting Uncertainty Quantification Evaluation in Language Models: Spurious Interactions with Response Length Bias Results

CVE-2025-20693 – Intel Wireless LAN STA Driver Out-of-Bounds Read Information Disclosure Vulnerability

ChatGPT now remembers everything you’ve ever told it – Here’s what you need to know

CVE-2025-4259 – Newbee-Mall Unrestricted File Upload Vulnerability

CVE-2025-49158 – Trend Micro Apex One Escalation of Privilege Vulnerability

CVE-2025-2105 – Jupiter X Core WordPress PHP Object Injection Vulnerability

Surfshark is our pick for best value VPN, and you can save up to 87% on plans right now

CVE-2025-54117 – NamelessMC Cross-Site Scripting (XSS) Vulnerability

Related Posts