CVE-2026-35447EPSS p14.3%

CVE-2026-35447CVE-2026-35447

Description

NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page (modules/Core/pages/profile.php) processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to write wall posts to private or blocking profiles. Additionally, the reply branch does not verify that the target wall post belongs to the current profile, enabling attackers to inject replies into arbitrary wall posts owned by other profiles via a restricted profile URL. This is patched in version 2.2.5.

Scoring

EPSS0.24% probability of exploitation · percentile 14.3% · 2026-06-19T12:03:05Z
Last modified2026-06-02

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-40571
CVE
CVE-2026-35443
CVE
CVE-2026-40314
CVE
CVE-2026-33398
CVE
CVE-2026-34460
CVE
CVE-2026-32250
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.