CVE-2026-49482

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters in the subtitle editing endpoint. An authenticated user can send a % character as the number parameter to overwrite all subtitle title...

CVE-2026-47238

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 133, a normal authenticated user can edit another user's video subtitles because of a lack of authorization. They can upload subtitles, edit their name or delete them. This issue has been patched in version 5.5.3 - 1...

CVE-2026-42846

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is concatenated directly...

CVE-2026-45060

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 129, the actions/progressvideo.php endpoint is vulnerable to blind SQL injection. Any unauthenticated user can exploit the ids parameter to execute SQL queries and exfiltrate sensitive data. This issue has been patch...

CVE-2026-45418

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 132, any authenticated user who can upload videos can add multiple subtitles from different files and change their title English, Spanish.... The POST /actions/subtitleedit.php request used to change their title...

EUVD-2026-36370

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters in the subtitle editing endpoint. An authenticated user can send a % character as the number parameter to overwrite all subtitle title...

CVE-2026-49482

CVE-2026-49482 affects ClipBucket v5, where the subtitle editing endpoint improperly neutralizes SQL wildcard characters. An authenticated user could supply a '%' in the number parameter to overwrite all subtitle titles of any video they own in a single HTTP request. This is mitigated by the patc...

CVE-2026-49482 ClipBucket: SQL Wildcard Injection in Subtitle Edit Endpoint Allows Mass Subtitle Overwrite

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters in the subtitle editing endpoint. An authenticated user can send a % character as the number parameter to overwrite all subtitle title...

CVE-2026-49482 ClipBucket: SQL Wildcard Injection in Subtitle Edit Endpoint Allows Mass Subtitle Overwrite

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters in the subtitle editing endpoint. An authenticated user can send a % character as the number parameter to overwrite all subtitle title...

CVE-2026-47238 ClipBucket: IDOR in videos subtitle editor

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 133, a normal authenticated user can edit another user's video subtitles because of a lack of authorization. They can upload subtitles, edit their name or delete them. This issue has been patched in version 5.5.3 - 1...

CVE-2026-47238 ClipBucket: IDOR in videos subtitle editor

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 133, a normal authenticated user can edit another user's video subtitles because of a lack of authorization. They can upload subtitles, edit their name or delete them. This issue has been patched in version 5.5.3 - 1...

CVE-2026-47238

CVE-2026-47238 affects ClipBucket v5 prior to 5.5.3 (patch released in 5.5.3 - #133). A normal authenticated user can perform an insecure IDOR in the videos subtitle editor, allowing editing, uploading, renaming, or deleting subtitles belonging to other users due to lack of proper authorization. ...

EUVD-2026-36369

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 133, a normal authenticated user can edit another user's video subtitles because of a lack of authorization. They can upload subtitles, edit their name or delete them. This issue has been patched in version 5.5.3 - 1...

CVE-2026-45060 ClipBucket: Blind SQL Injection in progress_video.php

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 129, the actions/progressvideo.php endpoint is vulnerable to blind SQL injection. Any unauthenticated user can exploit the ids parameter to execute SQL queries and exfiltrate sensitive data. This issue has been patch...

EUVD-2026-36368

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 129, the actions/progressvideo.php endpoint is vulnerable to blind SQL injection. Any unauthenticated user can exploit the ids parameter to execute SQL queries and exfiltrate sensitive data. This issue has been patch...

CVE-2026-45060 ClipBucket: Blind SQL Injection in progress_video.php

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 129, the actions/progressvideo.php endpoint is vulnerable to blind SQL injection. Any unauthenticated user can exploit the ids parameter to execute SQL queries and exfiltrate sensitive data. This issue has been patch...

CVE-2026-45060

CVE-2026-45060 (ClipBucket) affects ClipBucket v5.x prior to 5.5.3. The vulnerability is a blind SQL injection in the actions/progress_video.php endpoint, exploitable by unauthenticated users via the ids parameter to exfiltrate data. The issue is confirmed as patched in version 5.5.3 (#129). If e...

CVE-2026-42846 ClipBucket: Remote Play URL Command Injection

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is concatenated directly...

CVE-2026-42846 ClipBucket: Remote Play URL Command Injection

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is concatenated directly...

CVE-2026-42846

CVE-2026-42846 affects ClipBucket v5 prior to 5.5.3 (pre-release #140) where the Remote Play feature concatenates a user-provided URL into shell commands without escaping. This allows an authenticated user to trigger arbitrary command execution via shell metacharacters in the URL. The issue has b...