Vendor CVEs
Clip Bucket
All CVEs
45 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-7665 | Cri | 0.68 | 9.8 | 0.16 | Mar 5, 2018 | An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php. | ||
| CVE-2026-45060 | Cri | 0.64 | 9.8 | 0.00 | Jun 11, 2026 | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #129, the actions/progress_video.php endpoint is vulnerable to blind SQL injection. Any unauthenticated user can exploit the ids parameter to execute SQL queries and exfiltrate sensitive data. This… | ||
| CVE-2026-42846 | Cri | 0.64 | 9.8 | 0.01 | Jun 11, 2026 | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is… | ||
| CVE-2018-7666 | Cri | 0.64 | 9.8 | 0.01 | Mar 5, 2018 | An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL injection vulnerabilities exist in the actions/vote_channel.php channelId parameter, the ajax/commonAjax.php email parameter, and the ajax/commonAjax.php username parameter. | ||
| CVE-2018-7664 | Cri | 0.64 | 9.8 | 0.02 | Mar 5, 2018 | An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the file_name parameter to /api/file_uploader.php or /actions/file_downloader.php. | ||
| CVE-2026-45418 | Hig | 0.57 | 8.8 | 0.00 | Jun 11, 2026 | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #132, any authenticated user who can upload videos can add multiple subtitles from different files and change their title (English, Spanish...). The POST /actions/subtitle_edit.php request used to… | ||
| CVE-2026-37470 | Hig | 0.47 | 7.3 | 0.00 | May 22, 2026 | An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitrary code via the Authentication interface, login page endpoint and HTTP response security headers components | ||
| CVE-2026-42847 | Hig | 0.46 | — | 0.00 | May 14, 2026 | ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #122, there is a critical SQL Injection (SQLi) vulnerability in ClipBucket, exploitable through the type parameter on the authenticated admin endpoint admin_area/action_logs.php. The endpoint… | ||
| CVE-2026-47238 | Med | 0.42 | 6.5 | 0.00 | Jun 11, 2026 | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #133, a normal authenticated user can edit another user's video subtitles because of a lack of authorization. They can upload subtitles, edit their name or delete them. This issue has been patched… | ||
| CVE-2016-1000307 | Med | 0.40 | 6.1 | 0.01 | Apr 6, 2017 | Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profile_desc, about_me, schools, occupation, companies, hobbies, fav_movies, fav_music, fav_books parameters to… | ||
| CVE-2016-4848 | Med | 0.40 | 6.1 | 0.02 | Sep 2, 2016 | Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2015-4673 | Med | 0.35 | 5.4 | 0.01 | Apr 6, 2017 | Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to upload/manage_collections.php in an add_new action or the (2) photo_description, (3)… | ||
| CVE-2026-49482 | Med | 0.28 | 4.3 | 0.00 | Jun 12, 2026 | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters in the subtitle editing endpoint. An authenticated user can send a % character as the number parameter to overwrite… | ||
| CVE-2013-10040 | 0.09 | — | 0.02 | Jul 31, 2025 | ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker… | |||
| CVE-2025-55912 | 0.04 | — | 0.01 | Sep 18, 2025 | An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit the plupload endpoint in photo_uploader.php to upload arbitrary files without any authentication, due to missing access controls in the upload handler | |||
| CVE-2025-55911 | 0.03 | — | 0.01 | Sep 18, 2025 | An issue Clip Bucket v.5.5.2 Build#90 allows a remote attacker to execute arbitrary codes via the file_downloader.php and the file parameter | |||
| CVE-2012-5849 | 0.03 | — | 0.03 | May 14, 2015 | Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php; id parameter in a (2) share_object, (3) add_to_fav, (4) rating, or (5)… | |||
| CVE-2015-2102 | 0.03 | — | 0.02 | Feb 27, 2015 | SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter. | |||
| CVE-2012-6644 | 0.03 | — | 0.03 | Apr 8, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6)… | |||
| CVE-2012-6643 | 0.03 | — | 0.02 | Apr 8, 2014 | Multiple SQL injection vulnerabilities in the update_counter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to (1) videos.php or (2) channels.php. NOTE: some of these details are obtained from… | |||
| CVE-2026-28354 | 0.00 | — | 0.00 | Feb 27, 2026 | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, collection item operations are vulnerable to authorization flaws, allowing a normal authenticated user to modify another user’s collection items. This affects both add item… | |||
| CVE-2026-26997 | 0.00 | — | 0.00 | Feb 27, 2026 | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can store the XSS payload. The payload is triggered by administrator. Version 5.5.3 #59 fixes the issue. | |||
| CVE-2026-26005 | 0.00 | — | 0.00 | Feb 12, 2026 | ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #45, in Clip Bucket V5, The Remote Play allows creating video entries that reference external video URLs without uploading the video files to the server. However, by specifying an internal network host in… | |||
| CVE-2026-25728 | 0.00 | — | 0.00 | Feb 10, 2026 | ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #40, a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability exists in ClipBucket's avatar and background image upload functionality. The application moves uploaded files to a web-accessible… | |||
| CVE-2026-21875 | 0.00 | — | 0.00 | Jan 7, 2026 | ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php… | |||
| CVE-2025-67418 | 0.00 | — | 0.01 | Dec 22, 2025 | ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default credentials, resulting in… | |||
| CVE-2025-64338 | 0.00 | — | 0.00 | Dec 15, 2025 | ClipBucket v5 is an open source video sharing platform. In versions 5.5.2 - #156 and below, an authenticated regular user can create a photo collection whose Collection Name contains HTML/JavaScript payloads, which making ClipBucket’s Manage Photos feature vulnerable to Stored… | |||
| CVE-2025-65113 | 0.00 | — | 0.00 | Nov 29, 2025 | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 - #164, an authorization bypass vulnerability in the AJAX flagging system allows any unauthenticated user to flag any content (users, videos, photos, collections) on the platform. This can lead to… | |||
| CVE-2025-62709 | 0.00 | — | 0.00 | Nov 20, 2025 | ClipBucket v5 is an open source video sharing platform. In ClipBucket version 5.5.2, a change to network.class.php causes the application to dynamically build the server URL from the incoming HTTP Host header when the configuration base_url is not set. Because Host is a… | |||
| CVE-2025-64339 | 0.00 | — | 0.00 | Nov 7, 2025 | ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Playlists feature is vulnerable to stored Cross-site Scripting (XSS),specifically in the Playlist Name field. An authenticated low-privileged user can create a playlist with a… | |||
| CVE-2025-64336 | 0.00 | — | 0.00 | Nov 7, 2025 | ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Photos feature is vulnerable to stored Cross-site Scripting (XSS). An authenticated regular user can upload a photo with a malicious Photo Title containing HTML/JavaScript code.… | |||
| CVE-2025-64114 | 0.00 | — | 0.00 | Nov 5, 2025 | ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 - #151 and below allow authenticated administrators with plugin management privileges to execute arbitrary SQL commands against the database through its ClipBucket Custom Fields plugin. The vulnerabilities… | |||
| CVE-2025-62715 | 0.00 | — | 0.00 | Nov 4, 2025 | ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#147 and below contain a stored Cross-Site Scripting (XSS) vulnerability in ClipBucket’s Collection tags feature. An authenticated normal user can create a tag containing HTML or JavaScript, which is later… | |||
| CVE-2025-62429 | 0.00 | — | 0.01 | Oct 20, 2025 | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 #147, ClipBucket v5 is vulnerable to arbitrary PHP code execution. In /upload/admin_area/actions/update_launch.php, the "type" parameter from a POST request is embedded into PHP tags and executed.… | |||
| CVE-2025-62430 | 0.00 | — | 0.00 | Oct 17, 2025 | ClipBucket v5 is an open source video sharing platform. ClipBucket v5 through build 5.5.2 #145 allows stored cross-site scripting (XSS) in multiple video and photo metadata fields. For videos the Tags field and the Genre, Actors, Producer, Executive Producer, and Director fields… | |||
| CVE-2025-62424 | 0.00 | — | 0.01 | Oct 17, 2025 | ClipBucket is a web-based video-sharing platform. In ClipBucket version 5.5.2 - #146 and earlier, the /admin_area/template_editor.php endpoint is vulnerable to path traversal. The validation of the file-loading path is inadequate, allowing authenticated administrators to read… | |||
| CVE-2025-62423 | 0.00 | — | 0.00 | Oct 16, 2025 | ClipBucket V5 provides open source video hosting with PHP. In version5.5.2 - #140 and earlier, a Blind SQL injection vulnerability exists in the Admin Area’s “/admin_area/login_as_user.php” file. Exploiting this vulnerability requires access privileges to the Admin Area. | |||
| CVE-2025-21624 | 0.00 | — | 0.01 | Jan 7, 2025 | ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can… | |||
| CVE-2025-21623 | 0.00 | — | 0.01 | Jan 7, 2025 | ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 238, ClipBucket V5 allows unauthenticated attackers to change the template directory via a directory traversal, which results in a denial of service. | |||
| CVE-2025-21622 | 0.00 | — | 0.01 | Jan 7, 2025 | ClipBucket V5 provides open source video hosting with PHP. During the user avatar upload workflow, a user can choose to upload and change their avatar at any time. During deletion, ClipBucket checks for the avatar_url as a filepath within the avatars subdirectory. If the URL… | |||
| CVE-2024-54135 | 0.00 | — | 0.01 | Dec 6, 2024 | ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 2.0 to Version 5.5.1 Revision 199 are vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/photo_upload.php within the decode_key function. User inputs were supplied… | |||
| CVE-2024-54136 | 0.00 | — | 0.01 | Dec 6, 2024 | ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 5.5.1 Revision 199 and below is vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/upload.php where the user supplied input via collection get parameter is directly… | |||
| CVE-2014-4187 | 0.00 | — | 0.01 | Jun 17, 2014 | Cross-site scripting (XSS) vulnerability in signup.php in ClipBucket allows remote attackers to inject arbitrary web script or HTML via the Username field. | |||
| CVE-2012-6642 | 0.00 | — | 0.01 | Apr 8, 2014 | Cross-site scripting (XSS) vulnerability in ClipBucket 2.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter to view_channel.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2011-3717 | 0.00 | — | 0.01 | Sep 23, 2011 | ClipBucket 2.0.9 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/signup_captcha/signup_captcha.php and certain other files. |
- risk 0.68cvss 9.8epss 0.16
An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php.
- risk 0.64cvss 9.8epss 0.00
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #129, the actions/progress_video.php endpoint is vulnerable to blind SQL injection. Any unauthenticated user can exploit the ids parameter to execute SQL queries and exfiltrate sensitive data. This…
- risk 0.64cvss 9.8epss 0.01
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is…
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL injection vulnerabilities exist in the actions/vote_channel.php channelId parameter, the ajax/commonAjax.php email parameter, and the ajax/commonAjax.php username parameter.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the file_name parameter to /api/file_uploader.php or /actions/file_downloader.php.
- risk 0.57cvss 8.8epss 0.00
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #132, any authenticated user who can upload videos can add multiple subtitles from different files and change their title (English, Spanish...). The POST /actions/subtitle_edit.php request used to…
- risk 0.47cvss 7.3epss 0.00
An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitrary code via the Authentication interface, login page endpoint and HTTP response security headers components
- risk 0.46cvss —epss 0.00
ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #122, there is a critical SQL Injection (SQLi) vulnerability in ClipBucket, exploitable through the type parameter on the authenticated admin endpoint admin_area/action_logs.php. The endpoint…
- risk 0.42cvss 6.5epss 0.00
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #133, a normal authenticated user can edit another user's video subtitles because of a lack of authorization. They can upload subtitles, edit their name or delete them. This issue has been patched…
- risk 0.40cvss 6.1epss 0.01
Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profile_desc, about_me, schools, occupation, companies, hobbies, fav_movies, fav_music, fav_books parameters to…
- risk 0.40cvss 6.1epss 0.02
Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- risk 0.35cvss 5.4epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to upload/manage_collections.php in an add_new action or the (2) photo_description, (3)…
- risk 0.28cvss 4.3epss 0.00
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters in the subtitle editing endpoint. An authenticated user can send a % character as the number parameter to overwrite…
- CVE-2013-10040Jul 31, 2025risk 0.09cvss —epss 0.02
ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker…
- CVE-2025-55912Sep 18, 2025risk 0.04cvss —epss 0.01
An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit the plupload endpoint in photo_uploader.php to upload arbitrary files without any authentication, due to missing access controls in the upload handler
- CVE-2025-55911Sep 18, 2025risk 0.03cvss —epss 0.01
An issue Clip Bucket v.5.5.2 Build#90 allows a remote attacker to execute arbitrary codes via the file_downloader.php and the file parameter
- CVE-2012-5849May 14, 2015risk 0.03cvss —epss 0.03
Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php; id parameter in a (2) share_object, (3) add_to_fav, (4) rating, or (5)…
- CVE-2015-2102Feb 27, 2015risk 0.03cvss —epss 0.02
SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter.
- CVE-2012-6644Apr 8, 2014risk 0.03cvss —epss 0.03
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6)…
- CVE-2012-6643Apr 8, 2014risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in the update_counter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to (1) videos.php or (2) channels.php. NOTE: some of these details are obtained from…
- CVE-2026-28354Feb 27, 2026risk 0.00cvss —epss 0.00
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, collection item operations are vulnerable to authorization flaws, allowing a normal authenticated user to modify another user’s collection items. This affects both add item…
- CVE-2026-26997Feb 27, 2026risk 0.00cvss —epss 0.00
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can store the XSS payload. The payload is triggered by administrator. Version 5.5.3 #59 fixes the issue.
- CVE-2026-26005Feb 12, 2026risk 0.00cvss —epss 0.00
ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #45, in Clip Bucket V5, The Remote Play allows creating video entries that reference external video URLs without uploading the video files to the server. However, by specifying an internal network host in…
- CVE-2026-25728Feb 10, 2026risk 0.00cvss —epss 0.00
ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #40, a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability exists in ClipBucket's avatar and background image upload functionality. The application moves uploaded files to a web-accessible…
- CVE-2026-21875Jan 7, 2026risk 0.00cvss —epss 0.00
ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php…
- CVE-2025-67418Dec 22, 2025risk 0.00cvss —epss 0.01
ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default credentials, resulting in…
- CVE-2025-64338Dec 15, 2025risk 0.00cvss —epss 0.00
ClipBucket v5 is an open source video sharing platform. In versions 5.5.2 - #156 and below, an authenticated regular user can create a photo collection whose Collection Name contains HTML/JavaScript payloads, which making ClipBucket’s Manage Photos feature vulnerable to Stored…
- CVE-2025-65113Nov 29, 2025risk 0.00cvss —epss 0.00
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 - #164, an authorization bypass vulnerability in the AJAX flagging system allows any unauthenticated user to flag any content (users, videos, photos, collections) on the platform. This can lead to…
- CVE-2025-62709Nov 20, 2025risk 0.00cvss —epss 0.00
ClipBucket v5 is an open source video sharing platform. In ClipBucket version 5.5.2, a change to network.class.php causes the application to dynamically build the server URL from the incoming HTTP Host header when the configuration base_url is not set. Because Host is a…
- CVE-2025-64339Nov 7, 2025risk 0.00cvss —epss 0.00
ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Playlists feature is vulnerable to stored Cross-site Scripting (XSS),specifically in the Playlist Name field. An authenticated low-privileged user can create a playlist with a…
- CVE-2025-64336Nov 7, 2025risk 0.00cvss —epss 0.00
ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Photos feature is vulnerable to stored Cross-site Scripting (XSS). An authenticated regular user can upload a photo with a malicious Photo Title containing HTML/JavaScript code.…
- CVE-2025-64114Nov 5, 2025risk 0.00cvss —epss 0.00
ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 - #151 and below allow authenticated administrators with plugin management privileges to execute arbitrary SQL commands against the database through its ClipBucket Custom Fields plugin. The vulnerabilities…
- CVE-2025-62715Nov 4, 2025risk 0.00cvss —epss 0.00
ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#147 and below contain a stored Cross-Site Scripting (XSS) vulnerability in ClipBucket’s Collection tags feature. An authenticated normal user can create a tag containing HTML or JavaScript, which is later…
- CVE-2025-62429Oct 20, 2025risk 0.00cvss —epss 0.01
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 #147, ClipBucket v5 is vulnerable to arbitrary PHP code execution. In /upload/admin_area/actions/update_launch.php, the "type" parameter from a POST request is embedded into PHP tags and executed.…
- CVE-2025-62430Oct 17, 2025risk 0.00cvss —epss 0.00
ClipBucket v5 is an open source video sharing platform. ClipBucket v5 through build 5.5.2 #145 allows stored cross-site scripting (XSS) in multiple video and photo metadata fields. For videos the Tags field and the Genre, Actors, Producer, Executive Producer, and Director fields…
- CVE-2025-62424Oct 17, 2025risk 0.00cvss —epss 0.01
ClipBucket is a web-based video-sharing platform. In ClipBucket version 5.5.2 - #146 and earlier, the /admin_area/template_editor.php endpoint is vulnerable to path traversal. The validation of the file-loading path is inadequate, allowing authenticated administrators to read…
- CVE-2025-62423Oct 16, 2025risk 0.00cvss —epss 0.00
ClipBucket V5 provides open source video hosting with PHP. In version5.5.2 - #140 and earlier, a Blind SQL injection vulnerability exists in the Admin Area’s “/admin_area/login_as_user.php” file. Exploiting this vulnerability requires access privileges to the Admin Area.
- CVE-2025-21624Jan 7, 2025risk 0.00cvss —epss 0.01
ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can…
- CVE-2025-21623Jan 7, 2025risk 0.00cvss —epss 0.01
ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 238, ClipBucket V5 allows unauthenticated attackers to change the template directory via a directory traversal, which results in a denial of service.
- CVE-2025-21622Jan 7, 2025risk 0.00cvss —epss 0.01
ClipBucket V5 provides open source video hosting with PHP. During the user avatar upload workflow, a user can choose to upload and change their avatar at any time. During deletion, ClipBucket checks for the avatar_url as a filepath within the avatars subdirectory. If the URL…
- CVE-2024-54135Dec 6, 2024risk 0.00cvss —epss 0.01
ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 2.0 to Version 5.5.1 Revision 199 are vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/photo_upload.php within the decode_key function. User inputs were supplied…
- CVE-2024-54136Dec 6, 2024risk 0.00cvss —epss 0.01
ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 5.5.1 Revision 199 and below is vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/upload.php where the user supplied input via collection get parameter is directly…
- CVE-2014-4187Jun 17, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in signup.php in ClipBucket allows remote attackers to inject arbitrary web script or HTML via the Username field.
- CVE-2012-6642Apr 8, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in ClipBucket 2.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter to view_channel.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2011-3717Sep 23, 2011risk 0.00cvss —epss 0.01
ClipBucket 2.0.9 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/signup_captcha/signup_captcha.php and certain other files.