CVE-2026-42847

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 122, there is a critical SQL Injection SQLi vulnerability in ClipBucket, exploitable through the type parameter on the authenticated admin endpoint adminarea/actionlogs.php. The endpoint adminarea/actionlogs.php reads...

CVE-2026-32321 ClipBucket v5 has time-based Blind SQL Injection in ajax.php that leads to Data Exfiltration

ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 80 within the actions/ajax.php endpoint. Due to insufficient input sanitization of the userid parameter, an authenticated attacker can execute...

CVE-2026-26997

CVE-2026-26997 affects ClipBucket v5 prior to 5.5.3 #59. A normal authenticated user can store a stored XSS payload via the collection name, with the payload being triggered by an administrator. The issue is fixed in version 5.5.3 #59. CVSS metrics in the entry indicate a base score of 5.1 (Mediu...

ClipBucket V5 跨站脚本漏洞

ClipBucket V5 is a video hosting platform for MacWarrior individual developers. A cross-site scripting vulnerability exists in ClipBucket V5 5.5.2-146 and prior versions, which stems from the Playlist Name field not being properly cleaned and escaped, and could lead to a stored cross-site scripti...

PT-2024-36063

Name of the Vulnerable Software and Affected Versions: ClipBucket-v5 versions 2.0 through 5.5.1 Revision 199 Description: ClipBucket V5 provides open source video hosting with PHP. The issue exists in the upload/photo upload.php file, specifically within the decode key function. This function...

PT-2024-36064 · Unknown · Clipbucket-V5

Name of the Vulnerable Software and Affected Versions: ClipBucket-v5 versions 5.5.1 Revision 199 and below Description: The issue exists in the upload/upload.php file where user-supplied input via the collection get parameter is directly provided to the unserialize function, allowing an adversary...