CVE-2026-28354
- EPSS 0.01%
- Published 27.02.2026 19:18:25
- Last modified 03.03.2026 20:08:50
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, collection item operations are vulnerable to authorization flaws, allowing a normal authenticated user to modify another user’s collection items. This affects both ad...
CVE-2026-26997
- EPSS 0.01%
- Published 27.02.2026 19:15:11
- Last modified 03.03.2026 20:10:04
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can store an XSS payload. The payload is triggered by an administrator. Version 5.5.3 #59 fixes the issue.
- EPSS 0.03%
- Published 12.02.2026 20:34:01
- Last modified 18.02.2026 14:59:54
ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #45, Remote Play in ClipBucket v5 allows creating video entries that reference external video URLs without uploading the video files to the server. However, by specifying ...
CVE-2026-25728
- EPSS 0.05%
- Published 10.02.2026 17:12:04
- Last modified 18.02.2026 15:02:02
ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #40, a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability exists in ClipBucket's avatar and background image upload functionality. The application moves uploaded...
CVE-2026-21875
- EPSS 0.05%
- Published 07.01.2026 23:52:18
- Last modified 27.01.2026 19:05:52
ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request t...
CVE-2025-67418
- EPSS 0.4%
- Published 22.12.2025 00:00:00
- Last modified 02.01.2026 17:39:50
ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default...
CVE-2025-65113
- EPSS 0.11%
- Published 29.11.2025 00:34:04
- Last modified 03.12.2025 21:51:03
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 - #164, an authorization bypass vulnerability in the AJAX flagging system allows any unauthenticated user to flag any content (users, videos, photos, collections) on the p...
CVE-2025-62709
- EPSS 0.06%
- Published 20.11.2025 16:50:03
- Last modified 25.11.2025 19:04:18
ClipBucket v5 is an open source video sharing platform. In ClipBucket version 5.5.2, a change to network.class.php causes the application to dynamically build the server URL from the incoming HTTP Host header when the configuration base_url is not se...
- EPSS 0.05%
- Published 07.11.2025 05:16:10
- Last modified 31.12.2025 18:30:53
ClipBucket v5 is an open source video sharing platform. In versions 5.5.2 - #156 and below, an authenticated regular user can create a photo collection whose Collection Name contains HTML/JavaScript payloads, which makes ClipBucket’s Manage Photos f...
CVE-2025-64339
- EPSS 0.05%
- Published 07.11.2025 05:12:37
- Last modified 26.11.2025 15:42:24
ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Playlists feature is vulnerable to stored Cross-site Scripting (XSS), specifically in the Playlist Name field. An authenticated low-privileged user ca...