33 matches found
CVE-2026-37470
An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitrary code via the Authentication interface, login page endpoint and HTTP response security headers components...
CVE-2025-62429
Summary: CVE-2025-62429 affects ClipBucket v5 prior to 5.5.2 #147. The flaw resides in /upload/admin_area/actions/update_launch.php where the POST parameter "type" is embedded into PHP tags without proper sanitization, allowing an attacker to execute arbitrary PHP code (RCE). The vulnerability is...
EUVD-2025-34915
ClipBucket v5 is an open source video sharing platform. ClipBucket v5 through build 5.5.2 145 allows stored cross-site scripting (XSS) in multiple video and photo metadata fields. For videos, the Tags field and the Genre, Actors, Producer, Executive Producer, and Director fields in Movieinfos accept...
CVE-2025-62424
CVE-2025-62424 concerns ClipBucket, a web-based video-sharing platform. A path traversal flaw exists in the /admin_area/template_editor.php endpoint for ClipBucket versions 5.5.2 - #146 and earlier, caused by inadequate validation of the file-loading path. This allows authenticated administrators...
EUVD-2011-3675
Malware in sbrugna...
EUVD-2018-19381
Malware in sbrugna...
EUVD-2024-52306
Malicious code in bioql PyPI...
CVE-2025-55912
An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker to exploit the plupload endpoint in photo_uploader.php to upload arbitrary files without any authentication, due to missing access controls in the upload handler...
PT-2025-38416
Name of the Vulnerable Software and Affected Versions: ClipBucket versions prior to 5.5.0. Description: An issue exists in ClipBucket that allows an unauthenticated attacker to upload arbitrary files via the photo_uploader.php plupload endpoint due to missing access controls in the upload handler...
CVE-2013-10040
ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker can access the file...
CVE-2013-10040 ClipBucket <= 2.6 ofc_upload_image.php Arbitrary File Upload RCE
ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker can access the file...
CVE-2013-10040
CVE-2013-10040 affects ClipBucket 2.6 and earlier. Affected component is the ofc_upload_image.php script under /admin_area/charts/ofc-library/, which allows unauthenticated users to upload arbitrary files (including PHP), with access to the uploaded file via a predictable path and resulting in re...
PT-2025-31538
ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker can access the fi...
CVE-2012-6642
Cross-site scripting (XSS) vulnerability in ClipBucket 2.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter to viewchannel.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2024-54136
ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 5.5.1 Revision 199 and below is vulnerable to PHP deserialization. The vulnerability exists in upload/upload.php, where user-supplied input via the collection GET parameter is directly provided to...
CVE-2025-21623 ClipBucket V5 Unauthenticated Template Directory Update to Denial-of-Service
ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 238, ClipBucket V5 allows unauthenticated attackers to change the template directory via a directory traversal, which results in a denial of service...
CVE-2025-21622
CVE-2025-21622 affects ClipBucket V5. The issue arises in the avatar deletion workflow where avatar_url is treated as a file path within the avatars directory without validating path traversal sequences. The final $file variable can be tainted by traversal inputs stored in the DB, enabling deleti...