Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.3 views

CVE-2026-22597

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

5.1CVSS7AI score0.00265EPSS
Exploits0References1
CVE
CVE
added 2026/01/10 2:57 a.m.21 views

CVE-2026-22595

Ghost (Node.js CMS) versions 5.121.0–5.130.5 and 6.0.0–6.10.3 are affected by a Staff Token authentication vulnerability that allows access to endpoints intended for Staff Session authentication. External systems authenticated with Staff Tokens for Admin/Owner-role users could reach these endpoin...

8.1CVSS6.6AI score0.00494EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.5 views

Ghost 安全漏洞

Ghost is a hosting service from Ghost Open Source. A security vulnerability in Ghost versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3 stems from a flaw in the way Ghost handles staff token authentication, which could lead to improper access to certain endpoints that are restricted to...

8.1CVSS6.4AI score0.00494EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/10 12:0 a.m.4 views

PT-2026-2217

Name of the Vulnerable Software and Affected Versions Ghost versions 5.121.0 through 5.130.5 Ghost versions 6.0.0 through 6.10.3 Description Ghost is a Node.js content management system. A flaw in how Ghost manages Staff Token authentication permitted access to endpoints intended only for Staff...

8.1CVSS6.5AI score0.00494EPSS
Exploits0References11
Rows per page
Query Builder