Moderate: Red Hat Security Advisory: Satellite 6.19.1 Async Update

A new release is now available for Red Hat Satellite 6.19 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Exploit for SQL Injection in Ghost

version Unauthenticated Stored Cross-Site Scripting CVE-2026-...

Exploit for SQL Injection in Ghost

CVE-2026-26980 👻 Ghost CMS Unauthenticated SQLi via Content...

BIT-GHOST-2026-29053 Ghost Vulnerable to Remote Code Execution via Malicious Themes

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...

CVE-2026-29053

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...

CVE-2026-29053 Ghost Vulnerable to Remote Code Execution via Malicious Themes

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...

CVE-2026-29053 Ghost Vulnerable to Remote Code Execution via Malicious Themes

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...

CVE-2026-29053

Ghost CMS CVE-2026-29053 affects Ghost 0.7.2–6.19.0, with a server-side code execution via malicious themes. The root cause is an unsafe Handlebars/jsonpath flow: the get helper could traverse the prototype chain, allowing a theme to execute arbitrary code on the server. The issue is fixed in Gho...

CVE-2026-29053 Ghost Vulnerable to Remote Code Execution via Malicious Themes

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...

GHSA-CGC2-RCRH-QR5X Ghost Vulnerable to Remote Code Execution via Malicious Themes

Impact Specifically crafted malicious themes can execute arbitrary code on the server running Ghost. Vulnerable Versions This vulnerability is present in Ghost v0.7.2 to v6.19.0. Patches v6.19.1 contains a fix for this issue. Workarounds Ghost generally recommends users refrain from installing...

CVE-2026-26980

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

CVE-2026-26980

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

CVE-2026-26980 Ghost has a SQL Injection in its Content API

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

CVE-2026-26980

CVE-2026-26980 is Ghost CMS unauthenticated SQL injection in the Content API (pre-6.19.1). Affected Ghost versions are 3.24.0 through 6.19.0; fixed in 6.19.1. The vulnerability allows reading arbitrary data from the database, with reports indicating attackers can exfiltrate sensitive data such as...

CVE-2026-26980 Ghost has a SQL Injection in its Content API

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

CVE-2026-26980 Ghost has a SQL Injection in its Content API

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

CVE-2026-26980

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

GHSA-W52V-V783-GW97 Ghost has a SQL injection in Content API

Impact A SQL injection vulnerability existed in Ghost's Content API that allowed unauthenticated attackers to read arbitrary data from the database. Vulnerable Versions This vulnerability is present in Ghost v3.24.0 to v6.19.0. Patches v6.19.1 contains a fix for this issue. Note: as this...

PT-2026-20787

Name of the Vulnerable Software and Affected Versions Ghost versions 3.24.0 through 6.19.0 Description A blind SQL injection exists in the Content API of Ghost, a Node.js content management system. This flaw allows unauthenticated attackers to perform arbitrary reads from the database by sending...

GHSA-WRH9-CJV3-2HPW Sequelize vulnerable to SQL Injection via replacements

Impact The SQL injection exploit is related to replacements. Here is such an example: In the following query, some parameters are passed through replacements, and some are passed directly through the where option. typescript User.findAll where: or literal'soundex"firstName" = soundex:firstName',...