CVE-2026-49482
4.3 MEDIUMClipBucket v5 is an open source video sharing platform
Published: 2026-06-12 · Last updated: 2026-06-12
Severity and scoring
- CVSS
- 4.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- CWE
- CWE-155, CWE-943
Description
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters in the subtitle editing endpoint. An authenticated user can send a % character as the number parameter to overwrite all subtitle titles of any video they own in a single HTTP request. This issue has been patched in version 5.5.3 - #141.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-47835 — In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, an... (8.6 HIGH)
- CVE-2026-47181 — PenguinMod-BackendApi is the backend api for penguinmod
- CVE-2026-53674 — BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibilit... (7.1 HIGH)
- CVE-2026-41697 — Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher (STARTING, ENDING,... (4.8 MEDIUM)
- CVE-2026-41696 — Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of th... (5.9 MEDIUM)