Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.3 views

CVE-2026-22597

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

5.1CVSS7AI score0.00265EPSS
Exploits0References1
OSV
OSV
added 2026/01/13 8:40 a.m.3 views

BIT-GHOST-2026-22597 Ghost has SSRF via External Media Inliner

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

5.1CVSS6.9AI score0.00265EPSS
Exploits0References4
NVD
NVD
added 2026/01/10 3:15 a.m.5 views

CVE-2026-22597

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

5.1CVSS0.00265EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/10 2:57 a.m.3 views

CVE-2026-22597 Ghost has SSRF via External Media Inliner

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

5.1CVSS6.6AI score0.00265EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/10 2:57 a.m.24 views

CVE-2026-22597 Ghost has SSRF via External Media Inliner

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

5.1CVSS0.00265EPSS
Exploits0References3
CVE
CVE
added 2026/01/10 2:57 a.m.17 views

CVE-2026-22597

CVE-2026-22597 affects Ghost (Node.js CMS). The vulnerability arises in Ghost’s media inliner mechanism, allowing staff with a valid Ghost Admin API token to exfiltrate data from internal systems via SSRF. Affected versions: 5.38.0–5.130.5 and 6.0.0–6.10.3. Remediation: upgrade to 5.130.6 or 6.11...

5.1CVSS6.6AI score0.00265EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/01/10 2:57 a.m.8 views

CVE-2026-22597 Ghost has SSRF via External Media Inliner

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

5.1CVSS6.6AI score0.00265EPSS
Exploits0References5
EUVD
EUVD
added 2026/01/10 2:57 a.m.10 views

EUVD-2026-1427

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

5.1CVSS6.4AI score0.00265EPSS
Exploits0References4
Snyk
Snyk
added 2026/01/08 9:36 p.m.2 views

Server-side Request Forgery (SSRF)

Overview ghost is a publishing platform Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the media inliner component. An attacker can access internal resources by sending crafted requests through the API while authenticated as a staff user. Remediation Upgra...

5.1CVSS6.7AI score0.00265EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/08 9:36 p.m.14 views

Ghost has SSRF via External Media Inliner

Impact A vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. Vulnerable versions This vulnerability is present in Ghost v5.38.0 to v5.130.5 to and Ghost v6.0.0 ...

5.1CVSS7.1AI score0.00265EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/01/08 9:36 p.m.7 views

GHSA-VMC4-9828-R48R Ghost has SSRF via External Media Inliner

Impact A vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. Vulnerable versions This vulnerability is present in Ghost v5.38.0 to v5.130.5 to and Ghost v6.0.0 ...

5.1CVSS7AI score0.00265EPSS
Exploits0References5
Rows per page
Query Builder