Lucene search
K

29 matches found

NVD
NVD
added 2026/06/24 7:17 p.m.9 views

CVE-2026-53945

Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing an attacker to coerce the Ghost server into reaching hosts on internal networks through features that issue external fetches. Th...

4CVSS0.0014EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 7:17 p.m.8 views

CVE-2026-53944

Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, when making an external request, it is possible to bypass the IP filter that ensures the request isn't going to an internal service using an IPv6 literal which maps to a private IPv4 address. This vulnerability is fixed in...

5.8CVSS0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 6:8 p.m.9 views

CVE-2026-53946

Ghost (Node.js CMS) is affected in versions 6.19.4–6.21.1. During post re-render, Ghost fetches image dimensions by issuing an outbound HTTP request to the URL stored on an image card, without restricting allowed hosts. An authenticated staff user who can create or edit posts could point an image...

5.4CVSS5.9AI score0.00122EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 6:7 p.m.26 views

CVE-2026-53947 Ghost: Member existence leak via magic link sign-in response

Ghost is a Node.js content management system. From 5.18.0 until 6.21.1, a discrepancy in responses from the members signin endpoints made it possible for an unauthenticated attacker to determine whether a given email address belongs to a registered member of a Ghost site. This vulnerability is...

5.3CVSS0.00206EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52071

Name of the Vulnerable Software and Affected Versions Ghost versions 5.18.0 through 6.21.0 Description A discrepancy in responses from the members signin endpoints allows an unauthenticated attacker to determine if a specific email address is registered as a member of the site. Recommendations...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52068

Name of the Vulnerable Software and Affected Versions Ghost versions 6.0.9 through 6.21.0 Description Ghost is a Node.js content management system. An issue exists where the IP filter designed to prevent external requests from reaching internal services can be bypassed. This is achieved by using ...

5.8CVSS5.8AI score0.00197EPSS
Exploits0References5
CVE
CVE
added 2026/03/07 3:30 p.m.19 views

CVE-2026-29784

Ghost (Node.js CMS) is affected between v5.101.6 and v6.19.2. The vulnerability is due to incomplete CSRF protections around /session/verify, allowing OTCs to be used in login sessions other than the requesting session. This could enable phishing attackers to take over a Ghost site in certain sce...

8.8CVSS5.7AI score0.00157EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/06 7:52 a.m.6 views

CVE-2026-29053

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...

9.8CVSS6.1AI score0.00372EPSS
Exploits3References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 5:51 a.m.3 views

CVE-2026-29053

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...

7.6CVSS6.2AI score0.00372EPSS
Exploits3References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/21 1:28 a.m.6 views

CVE-2026-26980

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

9.4CVSS5.6AI score0.69996EPSS
Exploits7References1
NVD
NVD
added 2026/02/20 2:16 a.m.9 views

CVE-2026-26980

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

9.4CVSS0.69996EPSS
Exploits7References4
ATTACKERKB
ATTACKERKB
added 2026/02/20 1:0 a.m.6 views

CVE-2026-26980

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

9.4CVSS5.7AI score0.69996EPSS
Exploits7References4Affected Software1
OSV
OSV
added 2026/01/13 8:40 a.m.4 views

BIT-GHOST-2026-22594 Ghost has Staff 2FA bypass

Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0...

8.1CVSS6.7AI score0.00367EPSS
Exploits0References4
NVD
NVD
added 2026/01/10 3:15 a.m.5 views

CVE-2026-22597

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

5.1CVSS0.00265EPSS
Exploits0References3
NVD
NVD
added 2026/01/10 3:15 a.m.8 views

CVE-2026-22594

Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0...

8.1CVSS0.00367EPSS
Exploits0References3
NVD
NVD
added 2026/01/10 3:15 a.m.5 views

CVE-2026-22595

Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. Externa...

8.1CVSS0.00494EPSS
Exploits0References3
OSV
OSV
added 2026/01/10 2:57 a.m.8 views

CVE-2026-22597 Ghost has SSRF via External Media Inliner

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

5.1CVSS6.6AI score0.00265EPSS
Exploits0References5
CVE
CVE
added 2026/01/10 2:57 a.m.21 views

CVE-2026-22596

CVE-2026-22596 affects Ghost, a Node.js CMS. A SQL injection flaw exists in Ghost’s /ghost/api/admin/members/events endpoint due to insufficient input validation, exploitable by users with Admin API credentials. Affected versions: 5.90.0–5.130.5 and 6.0.0–6.10.3. The issue allows arbitrary SQL ex...

7.2CVSS7.2AI score0.00413EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/01/10 2:56 a.m.9 views

CVE-2026-22594 Ghost has Staff 2FA bypass

Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0...

8.1CVSS6.4AI score0.00367EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/10 12:0 a.m.8 views

PT-2026-2219

Name of the Vulnerable Software and Affected Versions Ghost versions 5.38.0 through 5.130.5 Ghost versions 6.0.0 through 6.10.3 Description Ghost is a Node.js content management system. A flaw in Ghost’s media inliner mechanism enables staff users with a valid authentication token for the Ghost...

5.1CVSS6.6AI score0.00265EPSS
Exploits0References7
Rows per page
Query Builder