CVE-2026-37470
HIGHDescription
An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitrary code via the Authentication interface, login page endpoint and HTTP response security headers components
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2026-37470? +
How severe is CVE-2026-37470? +
How do I check if I'm vulnerable to CVE-2026-37470? +
Related Vulnerabilities
A Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to trick users into performing unintended actions …
Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser …
The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted …
Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open …
A select option could partially obscure security prompts. This could be used by a malicious site to trick a user …
Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly …