CVE-2026-25482
Craft Commerce (Craft CMS) is affected by a stored DOM XSS in the Recent Orders dashboard widget. Versions 4.0.0-RC1–4.10.0 and 5.0.0–5.5.1 render the Order Status Name via JavaScript string concatenation without proper escaping, enabling script execution when an admin visits the dashboard. This ...
EUVD-2025-199885
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 - 164, an authorization bypass vulnerability in the AJAX flagging system allows any unauthenticated user to flag any content (users, videos, photos, collections) on the platform. This can lead to mass flagging attacks,...