CVE-2026-28354

Medium CVSS: 5.7

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, collection item operations are vulnerable to authorization flaws, allowing a normal authenticated user to modify another user’s collection items. This affects both add item (/actions/add_to_collection.php) due to missing authorization checks and delete item (/manage_collections.php?mode=manage_items...) due to a broken ownership check in removeItemFromCollection(). As a result, attackers can insert and remove items from collections they do not own. Version 5.5.3 #59 fixes the issue.

Vendor

Oxygenz

Product

Clipbucket

CWE

CWE-639

Yayın Tarihi

2026-02-27 20:21:40

Güncelleme

2026-03-03 20:08:50

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-639 Clipbucket MEDIUM Oxygenz 2026

Referanslar

https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-6wf8-rw5f-c9mv

Benzer Kayıtlar

High

CVE-2026-32321

ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability ex…

Low

CVE-2026-26997

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can stor…

Medium

CVE-2026-26005

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #45, in Clip Bucket V5, The Remote Play allows…

Critical

CVE-2026-25728

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #40, a Time-of-Check to Time-of-Use (TOCTOU) ra…

Critical

CVE-2026-21875

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#187 and below allow an attacker to perform Blind…

Critical

CVE-2025-67418

ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded…