Lucene search
K

131 matches found

Nuclei
Nuclei
added 12 hours ago43 views

Ghost CMS - User Enumeration

Ghost CMS 5.9.4 contains a user enumeration vulnerability in the login functionality. The application reveals whether a user account exists through different error messages, allowing attackers to enumerate valid user accounts via specially-crafted HTTP requests. id: CVE-2022-41697 info: name: Gho...

5.3CVSS6.3AI score0.20196EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday231 views

Ghost CMS Content API - SQL Injection

Ghost CMS before 6.19.1 is vulnerable to a blind SQL injection in the /ghost/api/content/tags/ endpoint via the filter parameter. This template checks for the vulnerability by sending a boolean-based payload. id: CVE-2026-26980 info: name: Ghost CMS Content API - SQL Injection author:...

9.4CVSS7.1AI score0.69996EPSS
Exploits7References3
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-59817

Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment without exposing customer or member data or stealing...

5.3CVSS5.8AI score0.00257EPSS
Exploits0References6Affected Software1
CVE
CVE
added 5 days ago13 views

CVE-2026-59817

Ghost is a Node.js content management system. Affects versions from 6.27.0 up to but not including 6.44.0; the public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment, without exposing cust...

5.3CVSS5.8AI score0.00257EPSS
Exploits0References5
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-59817 Ghost: Paid gift memberships obtainable at minimal cost via the donations feature

Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment without exposing customer or member data or stealing...

5.3CVSS0.00257EPSS
Exploits0References5
OSV
OSV
added 2026/06/30 11:39 p.m.9 views

BIT-GHOST-2026-53948 Ghost: File Upload Content-Type Spoofing

Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, insufficient validation of the client-supplied Content-Type on Ghost's Admin API file upload endpoint allowed uploaded files to be served from the site with an attacker-chosen content type on S3/GCS storage backends. On...

5.4CVSS5.5AI score0.00133EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:39 p.m.3 views

BIT-GHOST-2026-53947 Ghost: Member existence leak via magic link sign-in response

Ghost is a Node.js content management system. From 5.18.0 until 6.21.1, a discrepancy in responses from the members signin endpoints made it possible for an unauthenticated attacker to determine whether a given email address belongs to a registered member of a Ghost site. This vulnerability is...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:39 p.m.2 views

BIT-GHOST-2026-53945 Ghost: Server-side request forgery via DNS rebinding in external request handling

Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing an attacker to coerce the Ghost server into reaching hosts on internal networks through features that issue external fetches. Th...

4CVSS5.8AI score0.0014EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:39 p.m.2 views

BIT-GHOST-2026-53944 Ghost: Private IP filtering bypass to make server-side requests to internal services

Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, when making an external request, it is possible to bypass the IP filter that ensures the request isn't going to an internal service using an IPv6 literal which maps to a private IPv4 address. This vulnerability is fixed in...

5.8CVSS5.8AI score0.00197EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 7:17 p.m.10 views

CVE-2026-53947

Ghost is a Node.js content management system. From 5.18.0 until 6.21.1, a discrepancy in responses from the members signin endpoints made it possible for an unauthenticated attacker to determine whether a given email address belongs to a registered member of a Ghost site. This vulnerability is...

5.3CVSS0.00206EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 7:17 p.m.10 views

CVE-2026-53948

Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, insufficient validation of the client-supplied Content-Type on Ghost's Admin API file upload endpoint allowed uploaded files to be served from the site with an attacker-chosen content type on S3/GCS storage backends. On...

5.4CVSS0.00133EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 6:10 p.m.28 views

CVE-2026-53944 Ghost: Private IP filtering bypass to make server-side requests to internal services

Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, when making an external request, it is possible to bypass the IP filter that ensures the request isn't going to an internal service using an IPv6 literal which maps to a private IPv4 address. This vulnerability is fixed in...

5.8CVSS0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 6:10 p.m.5 views

CVE-2026-53944

Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, when making an external request, it is possible to bypass the IP filter that ensures the request isn't going to an internal service using an IPv6 literal which maps to a private IPv4 address. This vulnerability is fixed in...

5.8CVSS5.9AI score0.00197EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/24 6:9 p.m.26 views

CVE-2026-53945

CVE-2026-53945 affects Ghost CMS: from 6.0.9 up to 6.21.1, the private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing the Ghost server to reach internal hosts through features that issue external fetches. Remediation: upgrade to Ghost 6.21.1 or later. Impact per...

4CVSS5.9AI score0.0014EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 6:7 p.m.12 views

CVE-2026-53947

Ghost (Node.js CMS) contains a member existence leak via the magic link sign-in flow in versions 5.18.0–6.21.0, caused by differing responses from the members signin endpoints. An unauthenticated user could confirm whether an email is registered on a Ghost site. The issue is fixed in version 6.21...

5.3CVSS5.9AI score0.00206EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52070

Name of the Vulnerable Software and Affected Versions Ghost versions 6.19.4 through 6.21.0 Description Ghost, a Node.js content management system, fails to restrict outbound HTTP requests when refetching missing image dimensions during post re-rendering. An authenticated staff user with permissio...

5.4CVSS5.8AI score0.00122EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52069

Name of the Vulnerable Software and Affected Versions Ghost versions 6.0.9 through 6.21.0 Description Ghost is a Node.js content management system. A flaw in the private-IP check for outbound HTTP requests allows a bypass via DNS rebinding. DNS rebinding is a technique that tricks a browser or...

4CVSS5.8AI score0.0014EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-52073

Name of the Vulnerable Software and Affected Versions Ghost versions 5.46.1 through 6.21.1 Description Validation applied to filters on public API endpoints could be partially bypassed, allowing the disclosure of private fields through a brute force attack. The impact varies by database: when usi...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.19 views

PT-2026-48873

Name of the Vulnerable Software and Affected Versions Ghost versions prior to 6.37.0 Description Ghost is a Node.js content management system. When deployed behind a shared caching layer that shares content between different visitors, an unauthenticated user can send an x-ghost-preview header to...

9.6CVSS5.8AI score0.00244EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2026/05/29 4:16 a.m.110 views

Exploit for SQL Injection in Ghost

version Unauthenticated Stored Cross-Site Scripting CVE-2026-...

9.4CVSS6.1AI score0.69996EPSS
Exploits7
Rows per page
Query Builder