VYPR

Clipbucket

by Clip Bucket

CVEs (45)

  • CVE-2026-28354 (Feb 27, 2026)
    risk 0.00 | cvss | epss 0.00

    ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, collection item operations are vulnerable to authorization flaws, allowing a normal authenticated user to modify another user’s collection items. This affects both add item…

  • CVE-2026-26997 (Feb 27, 2026)
    risk 0.00 | cvss | epss 0.00

    ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can store an XSS payload. The payload is triggered by an administrator. Version 5.5.3 #59 fixes the issue.

  • CVE-2026-26005 (Feb 12, 2026)
    risk 0.00 | cvss | epss 0.00

    ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #45, in Clip Bucket V5, the Remote Play allows creating video entries that reference external video URLs without uploading the video files to the server. However, by specifying an internal network host in…

  • CVE-2026-25728 (Feb 10, 2026)
    risk 0.00 | cvss | epss 0.00

    ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #40, a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability exists in ClipBucket's avatar and background image upload functionality. The application moves uploaded files to a web-accessible…

  • CVE-2026-21875 (Jan 7, 2026)
    risk 0.00 | cvss | epss 0.00

    ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php…

  • CVE-2025-67418 (Dec 22, 2025)
    risk 0.00 | cvss | epss 0.01

    ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default credentials, resulting in…

  • CVE-2025-64338 (Dec 15, 2025)
    risk 0.00 | cvss | epss 0.00

    ClipBucket v5 is an open source video sharing platform. In versions 5.5.2 - #156 and below, an authenticated regular user can create a photo collection whose Collection Name contains HTML/JavaScript payloads, which makes ClipBucket’s Manage Photos feature vulnerable to Stored…

  • CVE-2025-65113 (Nov 29, 2025)
    risk 0.00 | cvss | epss 0.00

    ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 - #164, an authorization bypass vulnerability in the AJAX flagging system allows any unauthenticated user to flag any content (users, videos, photos, collections) on the platform. This can lead to…

  • CVE-2025-62709 (Nov 20, 2025)
    risk 0.00 | cvss | epss 0.00

    ClipBucket v5 is an open source video sharing platform. In ClipBucket version 5.5.2, a change to network.class.php causes the application to dynamically build the server URL from the incoming HTTP Host header when the configuration base_url is not set. Because Host is a…

  • CVE-2025-64339 (Nov 7, 2025)
    risk 0.00 | cvss | epss 0.00

    ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Playlists feature is vulnerable to stored Cross-site Scripting (XSS), specifically in the Playlist Name field. An authenticated low-privileged user can create a playlist with a…

  • CVE-2025-64336 (Nov 7, 2025)
    risk 0.00 | cvss | epss 0.00

    ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Photos feature is vulnerable to stored Cross-site Scripting (XSS). An authenticated regular user can upload a photo with a malicious Photo Title containing HTML/JavaScript code.…

  • CVE-2025-64114 (Nov 5, 2025)
    risk 0.00 | cvss | epss 0.00

    ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 - #151 and below allow authenticated administrators with plugin management privileges to execute arbitrary SQL commands against the database through its ClipBucket Custom Fields plugin. The vulnerabilities…

  • CVE-2025-62715 (Nov 4, 2025)
    risk 0.00 | cvss | epss 0.00

    ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#147 and below contain a stored Cross-Site Scripting (XSS) vulnerability in ClipBucket’s Collection tags feature. An authenticated normal user can create a tag containing HTML or JavaScript, which is later…

  • CVE-2025-62429 (Oct 20, 2025)
    risk 0.00 | cvss | epss 0.01

    ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 #147, ClipBucket v5 is vulnerable to arbitrary PHP code execution. In /upload/admin_area/actions/update_launch.php, the "type" parameter from a POST request is embedded into PHP tags and executed.…

  • CVE-2025-62430 (Oct 17, 2025)
    risk 0.00 | cvss | epss 0.00

    ClipBucket v5 is an open source video sharing platform. ClipBucket v5 through build 5.5.2 #145 allows stored cross-site scripting (XSS) in multiple video and photo metadata fields. For videos the Tags field and the Genre, Actors, Producer, Executive Producer, and Director fields…

  • CVE-2025-62424 (Oct 17, 2025)
    risk 0.00 | cvss | epss 0.01

    ClipBucket is a web-based video-sharing platform. In ClipBucket version 5.5.2 - #146 and earlier, the /admin_area/template_editor.php endpoint is vulnerable to path traversal. The validation of the file-loading path is inadequate, allowing authenticated administrators to read…

  • CVE-2025-62423 (Oct 16, 2025)
    risk 0.00 | cvss | epss 0.00

    ClipBucket V5 provides open source video hosting with PHP. In version 5.5.2 - #140 and earlier, a Blind SQL injection vulnerability exists in the Admin Area’s “/admin_area/login_as_user.php” file. Exploiting this vulnerability requires access privileges to the Admin Area.

  • CVE-2025-21624 (Jan 7, 2025)
    risk 0.00 | cvss | epss 0.01

    ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can…

  • CVE-2025-21623 (Jan 7, 2025)
    risk 0.00 | cvss | epss 0.01

    ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 238, ClipBucket V5 allows unauthenticated attackers to change the template directory via a directory traversal, which results in a denial of service.

  • CVE-2025-21622 (Jan 7, 2025)
    risk 0.00 | cvss | epss 0.01

    ClipBucket V5 provides open source video hosting with PHP. During the user avatar upload workflow, a user can choose to upload and change their avatar at any time. During deletion, ClipBucket checks for the avatar_url as a filepath within the avatars subdirectory. If the URL…