CVE-2026-26005

CVE-2026-26005 affects ClipBucket v5 prior to 5.5.3; the Remote Play feature allows creating video entries that reference external video URLs without uploading files. If an attacker specifies an internal network host in the video URL, an SSRF is triggered, causing GET requests to internal servers...

CVE-2026-25728

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 40, a Time-of-Check to Time-of-Use TOCTOU race condition vulnerability exists in ClipBucket's avatar and background image upload functionality. The application moves uploaded files to a web-accessible location before...

CVE-2025-65113

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 - 164, an authorization bypass vulnerability in the AJAX flagging system allows any unauthenticated user to flag any content users, videos, photos, collections on the platform. This can lead to mass flagging attacks,...

CVE-2025-64114

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 - 151 and below allow authenticated administrators with plugin management privileges to execute arbitrary SQL commands against the database through its ClipBucket Custom Fields plugin. The vulnerabilities require the Custom...