Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

MacWarrior — Vulnerabilities & Security Advisories 22

Browse all 22 CVE security advisories affecting MacWarrior. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MacWarrior operates as a specialized security testing framework designed for macOS environments, primarily targeting the validation of application integrity and system hardening. Its core utility lies in automating the detection of weaknesses within native and third-party macOS software, making it a critical tool for developers and security auditors seeking to preemptively identify flaws before deployment. Historically, vulnerabilities associated with this platform have frequently involved remote code execution, cross-site scripting, and privilege escalation issues, often stemming from improper input validation or insufficient access controls within its own modules. While no single catastrophic incident has defined its public history, the accumulation of twenty-two recorded CVEs highlights persistent challenges in maintaining secure codebases for complex security utilities. These findings underscore the necessity for rigorous peer review and continuous integration security testing, as even defensive tools can become attack vectors if their own internal mechanisms are compromised.

Top products by MacWarrior: clipbucket-v5
CVE IDTitleCVSSSeverityPublished
CVE-2026-32321 ClipBucket v5 has time-based Blind SQL Injection in ajax.php that leads to Data Exfiltration — clipbucket-v5CWE-89 8.8 High2026-03-18
CVE-2026-28354 ClipBucket v5 has IDOR in Collection Item Management — clipbucket-v5CWE-639 4.3 -2026-02-27
CVE-2026-26997 ClipBucket v5 has Stored XSS via Collection name — clipbucket-v5CWE-79 5.4 -2026-02-27
CVE-2026-26005 ClipBucket v5 enables internal network scans via an SSRF vulnerability — clipbucket-v5CWE-918 5.0 Medium2026-02-12
CVE-2026-25728 ClipBucket v5 Affected by Remote Code Execution via Avatar/Background File Upload Race Condition — clipbucket-v5CWE-367 8.1AIHighAI2026-02-10
CVE-2026-21875 ClipBucket v5 Vulnerable to Blind SQL Injection through Channel Comments — clipbucket-v5CWE-89 9.8 Critical2026-01-07
CVE-2025-64338 ClipBucket's Manage Photos Feature is Vulnerable to Stored XSS via Collection Name — clipbucket-v5CWE-79--2025-12-15
CVE-2025-65113 ClipBucket v5 Unauthenticated Object Flagging Vulnerability — clipbucket-v5CWE-770 6.5 Medium2025-11-29
CVE-2025-62709 ClipBucket v5 is vulnerable to password reset link manipulation — clipbucket-v5CWE-640 6.8 Medium2025-11-20
CVE-2025-64339 ClipBucket v5: Stored XSS Vulnerability in Manage Playlists — clipbucket-v5CWE-79 5.4 -2025-11-07
CVE-2025-64336 ClipBucket v5's Manage Photo Feature is Vulnerable to Stored XSS Attack via Photo Title — clipbucket-v5CWE-79 5.4 -2025-11-07
CVE-2025-64114 ClipBucket v5: SQL Injection possible through ClipBucket Custom Fields plugin — clipbucket-v5CWE-89 6.5 Medium2025-11-05
CVE-2025-62715 ClipBucket v5: Stored XSS via Collection Tags — clipbucket-v5CWE-79 5.4AIMediumAI2025-11-04
CVE-2025-62429 ClipBucket v5 executes arbitrary PHP code — clipbucket-v5CWE-94 7.2 High2025-10-20
CVE-2025-62430 ClipBucket v5 stored XSS via video/photo fields — clipbucket-v5CWE-79 5.4 Medium2025-10-17
CVE-2025-62424 ClipBucket path traversal vulnerability in template editor allows arbitrary file read and write — clipbucket-v5CWE-22 6.7 Medium2025-10-17
CVE-2025-62423 ClipBucket V5 Blind SQL injection in the Admin Panel — clipbucket-v5CWE-89 6.7 Medium2025-10-16
CVE-2025-21624 ClipBucket V5 Playlist Cover File Upload to Remote Code Execution — clipbucket-v5CWE-434 9.8 Critical2025-01-07
CVE-2025-21623 ClipBucket V5 Unauthenticated Template Directory Update to Denial-of-Service — clipbucket-v5CWE-22 7.5 High2025-01-07
CVE-2025-21622 ClipBucket V5 Avatar URL Path Traversal to Arbitrary File Delete — clipbucket-v5CWE-22 7.5 High2025-01-07
CVE-2024-54135 Untrusted Deserialization in ClipBucket-v5 Version 2.0 to 5.5.1 Revision 199 — clipbucket-v5CWE-502 9.8 Critical2024-12-06
CVE-2024-54136 Untrusted Deserialization in ClipBucket-v5 Version 5.5.1 Revision 199 and Below — clipbucket-v5CWE-502 9.8 Critical2024-12-06

This page lists every published CVE security advisory associated with MacWarrior. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.