cbcvebase.
CVE-2026-32321
published 2026-03-18

CVE-2026-32321: ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 #80…

PriorityP357high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.43%
34.5th percentile
ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 #80 within the `actions/ajax.php` endpoint. Due to insufficient input sanitization of the `userid` parameter, an authenticated attacker can execute arbitrary SQL queries, leading to full database disclosure and potential administrative account takeover. Version 5.5.3 #80 fixes the issue.

Affected

2 ranges
VendorProductVersion rangeFixed in
macwarriorclipbucket-v5< 5.5.3 - #805.5.3 - #80
oxygenzclipbucket>= 5.3 < 5.5.3-805.5.3-80
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.