Macwarrior Clipbucket-V5 vulnerabilities
28 known vulnerabilities affecting macwarrior/clipbucket-v5.
Total CVEs: 28
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 9, MEDIUM 12
Vulnerabilities
Page 2 of 2
CVE-2026-47238 | P3 | MEDIUM | CVSS 6.5 | CWE-639 | fixed in 5.5.3 - #133 | 2026-06-11
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #133, a normal authenticated user can edit another user's video subtitles because of a lack of authorization. They can upload subtitles, edit their name or delete them. This issue has been patched in version 5.5.3 - #133.
nvd
CVE-2026-26005 | P4 | MEDIUM | CVSS 5.0 | CWE-918 | fixed in 5.5.3 - #45 | 2026-02-12
ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #45, the Remote Play feature in ClipBucket v5 allows creating video entries that reference external video URLs without uploading the video files to the server. However, by specifying an internal network host in the video URL, an SSRF can be triggered, causing GET requests to be sent
nvd
CVE-2025-64339 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 5.5.2-#147 | 2025-11-07
ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Playlists feature is vulnerable to stored Cross-site Scripting (XSS), specifically in the Playlist Name field. An authenticated low-privileged user can create a playlist with a malicious name containing HTML/JavaScript code, which is rendered unescaped
nvd
CVE-2025-64336 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 5.5.2-#147 | 2025-11-07
ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Photos feature is vulnerable to stored Cross-site Scripting (XSS). An authenticated regular user can upload a photo with a malicious Photo Title containing HTML/JavaScript code. While the payload does not execute in the user-facing photo gallery or de
nvd
CVE-2025-62430 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 5.5.2 - #146 | 2025-10-17
ClipBucket v5 is an open source video sharing platform. ClipBucket v5 through build 5.5.2 #145 allows stored cross-site scripting (XSS) in multiple video and photo metadata fields. For videos the Tags field and the Genre, Actors, Producer, Executive Producer, and Director fields in Movieinfos accept user supplied values without adequate sanitization.
nvd
CVE-2026-26997 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 5.5.3 #59 | 2026-02-27
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can store an XSS payload. The payload is triggered by an administrator. Version 5.5.3 #59 fixes the issue.
nvd
CVE-2025-62715 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 5.5.2-#152 | 2025-11-04
ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#147 and below contain a stored Cross-Site Scripting (XSS) vulnerability in ClipBucket’s Collection tags feature. An authenticated normal user can create a tag containing HTML or JavaScript, which is later rendered unescaped in collection detail and tag-list pages. As a result, ar
nvd
CVE-2026-49482 | P4 | MEDIUM | CVSS 4.3 | CWE-155 | fixed in 5.5.3 - #141 | 2026-06-12
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters in the subtitle editing endpoint. An authenticated user can send a % character as the number parameter to overwrite all subtitle titles of any video they own in a single HTTP request. Thi
nvd