CVE-2026-26997

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 59, a normal authenticated user can store the XSS payload. The payload is triggered by administrator. Version 5.5.3 59 fixes the issue...

PT-2026-22378

Name of the Vulnerable Software and Affected Versions ClipBucket versions prior to 5.5.3 59 Description ClipBucket is an open source video sharing platform. A normal authenticated user can store a cross-site scripting XSS payload, which is then triggered by an administrator. Recommendations Updat...

CVE-2026-26005

CVE-2026-26005 affects ClipBucket v5 prior to 5.5.3; the Remote Play feature allows creating video entries that reference external video URLs without uploading files. If an attacker specifies an internal network host in the video URL, an SSRF is triggered, causing GET requests to internal servers...

CVE-2025-64114 ClipBucket v5: SQL Injection possible through ClipBucket Custom Fields plugin

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 - 151 and below allow authenticated administrators with plugin management privileges to execute arbitrary SQL commands against the database through its ClipBucket Custom Fields plugin. The vulnerabilities require the Custom...

Google Fined $170 Million For Violating Kids' Privacy On YouTube

Google has finally agreed to pay $170 million fine to settle allegations by the Federal Trade Commission and the New York attorney general that its YouTube service earned millions by illegally harvesting personal information from children without their parents' consent. The settlement requires...