CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25728

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #40, a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability exists in ClipBucket's avatar and background image upload functionality. The application moves uploaded files to a web-accessible location before validating them, creating a window where an attacker can execute arbitrary PHP code before the file is deleted. The uploaded file was moved to a web-accessible path via move_uploaded_file(), then validated via ValidateImage(). If validation failed, the file was deleted via @unlink(). This vulnerability is fixed in 5.5.3 - #40.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 15.6%

CVSS Severity

CVSS v3 Score 7.5

References

Products affected by CVE-2026-25728

Oxygenz » Clipbucket » Version: 5.3

cpe:2.3:a:oxygenz:clipbucket:5.3
Oxygenz » Clipbucket » Version: 5.3.1

cpe:2.3:a:oxygenz:clipbucket:5.3.1
Oxygenz » Clipbucket » Version: 5.4.0

cpe:2.3:a:oxygenz:clipbucket:5.4.0
Oxygenz » Clipbucket » Version: 5.4.1

cpe:2.3:a:oxygenz:clipbucket:5.4.1
Oxygenz » Clipbucket » Version: 5.5.0

cpe:2.3:a:oxygenz:clipbucket:5.5.0
Oxygenz » Clipbucket » Version: 5.5.1

cpe:2.3:a:oxygenz:clipbucket:5.5.1
Oxygenz » Clipbucket » Version: 5.5.1-141

cpe:2.3:a:oxygenz:clipbucket:5.5.1-141
Oxygenz » Clipbucket » Version: 5.5.1-200

cpe:2.3:a:oxygenz:clipbucket:5.5.1-200
Oxygenz » Clipbucket » Version: 5.5.1-237

cpe:2.3:a:oxygenz:clipbucket:5.5.1-237
Oxygenz » Clipbucket » Version: 5.5.1-238

cpe:2.3:a:oxygenz:clipbucket:5.5.1-238
Oxygenz » Clipbucket » Version: 5.5.1-239

cpe:2.3:a:oxygenz:clipbucket:5.5.1-239
Oxygenz » Clipbucket » Version: 5.5.2-103

cpe:2.3:a:oxygenz:clipbucket:5.5.2-103
Oxygenz » Clipbucket » Version: 5.5.2-106

cpe:2.3:a:oxygenz:clipbucket:5.5.2-106
Oxygenz » Clipbucket » Version: 5.5.2-114

cpe:2.3:a:oxygenz:clipbucket:5.5.2-114
Oxygenz » Clipbucket » Version: 5.5.2-117

cpe:2.3:a:oxygenz:clipbucket:5.5.2-117
Oxygenz » Clipbucket » Version: 5.5.2-120

cpe:2.3:a:oxygenz:clipbucket:5.5.2-120
Oxygenz » Clipbucket » Version: 5.5.2-123

cpe:2.3:a:oxygenz:clipbucket:5.5.2-123
Oxygenz » Clipbucket » Version: 5.5.2-129

cpe:2.3:a:oxygenz:clipbucket:5.5.2-129
Oxygenz » Clipbucket » Version: 5.5.2-133

cpe:2.3:a:oxygenz:clipbucket:5.5.2-133
Oxygenz » Clipbucket » Version: 5.5.2-135

cpe:2.3:a:oxygenz:clipbucket:5.5.2-135
Oxygenz » Clipbucket » Version: 5.5.2-138

cpe:2.3:a:oxygenz:clipbucket:5.5.2-138
Oxygenz » Clipbucket » Version: 5.5.2-140

cpe:2.3:a:oxygenz:clipbucket:5.5.2-140
Oxygenz » Clipbucket » Version: 5.5.2-141

cpe:2.3:a:oxygenz:clipbucket:5.5.2-141
Oxygenz » Clipbucket » Version: 5.5.2-142

cpe:2.3:a:oxygenz:clipbucket:5.5.2-142
Oxygenz » Clipbucket » Version: 5.5.2-145

cpe:2.3:a:oxygenz:clipbucket:5.5.2-145
Oxygenz » Clipbucket » Version: 5.5.2-146

cpe:2.3:a:oxygenz:clipbucket:5.5.2-146
Oxygenz » Clipbucket » Version: 5.5.2-147

cpe:2.3:a:oxygenz:clipbucket:5.5.2-147
Oxygenz » Clipbucket » Version: 5.5.2-152

cpe:2.3:a:oxygenz:clipbucket:5.5.2-152
Oxygenz » Clipbucket » Version: 5.5.2-156

cpe:2.3:a:oxygenz:clipbucket:5.5.2-156
Oxygenz » Clipbucket » Version: 5.5.2-157

cpe:2.3:a:oxygenz:clipbucket:5.5.2-157
Oxygenz » Clipbucket » Version: 5.5.2-162

cpe:2.3:a:oxygenz:clipbucket:5.5.2-162
Oxygenz » Clipbucket » Version: 5.5.2-163

cpe:2.3:a:oxygenz:clipbucket:5.5.2-163
Oxygenz » Clipbucket » Version: 5.5.2-164

cpe:2.3:a:oxygenz:clipbucket:5.5.2-164
Oxygenz » Clipbucket » Version: 5.5.2-74

cpe:2.3:a:oxygenz:clipbucket:5.5.2-74
Oxygenz » Clipbucket » Version: 5.5.2-82

cpe:2.3:a:oxygenz:clipbucket:5.5.2-82
Oxygenz » Clipbucket » Version: 5.5.2-86

cpe:2.3:a:oxygenz:clipbucket:5.5.2-86
Oxygenz » Clipbucket » Version: 5.5.2-90

cpe:2.3:a:oxygenz:clipbucket:5.5.2-90
Oxygenz » Clipbucket » Version: 5.5.2-98

cpe:2.3:a:oxygenz:clipbucket:5.5.2-98

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25728

Products

Pricing

Contact Us