Lumiverse 安全漏洞

Lumiverse is a full-featured AI chat application suite developed by Prolix OCs’ individual developers. Versions of Lumiverse prior to 0.9.7 contained security vulnerabilities. These vulnerabilities stemmed from component overlay systems, which used Sucrase to translate user-provided TSX files and...

CVE-2021-47937

e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell ...

BIT-GHOST-2026-29053 Ghost Vulnerable to Remote Code Execution via Malicious Themes

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...

CVE-2026-29053

Ghost CMS CVE-2026-29053 affects Ghost 0.7.2–6.19.0, with a server-side code execution via malicious themes. The root cause is an unsafe Handlebars/jsonpath flow: the get helper could traverse the prototype chain, allowing a theme to execute arbitrary code on the server. The issue is fixed in Gho...

CVE-2026-29053 Ghost Vulnerable to Remote Code Execution via Malicious Themes

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...

CVE-2026-29053 Ghost Vulnerable to Remote Code Execution via Malicious Themes

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...

CVE-2026-29053 Ghost Vulnerable to Remote Code Execution via Malicious Themes

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...

Ghost 注入漏洞

Ghost is a hosting service developed by the Ghost open-source project. Versions of Ghost from 0.7.2 to 6.19.0 have a vulnerability related to injections. This vulnerability arises due to specially crafted malicious themes that may execute arbitrary code on the server...

GHSA-CGC2-RCRH-QR5X Ghost Vulnerable to Remote Code Execution via Malicious Themes

Impact Specifically crafted malicious themes can execute arbitrary code on the server running Ghost. Vulnerable Versions This vulnerability is present in Ghost v0.7.2 to v6.19.0. Patches v6.19.1 contains a fix for this issue. Workarounds Ghost generally recommends users refrain from installing...

Ghost Vulnerable to Remote Code Execution via Malicious Themes

Impact Specifically crafted malicious themes can execute arbitrary code on the server running Ghost. Vulnerable Versions This vulnerability is present in Ghost v0.7.2 to v6.19.0. Patches v6.19.1 contains a fix for this issue. Workarounds Ghost generally recommends users refrain from installing...

PT-2026-23004

Name of the Vulnerable Software and Affected Versions Ghost versions 0.7.2 through 6.19.0 Description Ghost, a Node.js content management system, is affected by a code execution issue. Maliciously crafted themes can execute arbitrary code on the server. It is recommended to avoid installing...

PT-2024-1099

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description The issue is related to errors in the representation of information by the user interface of the Windows operating system, specifically in the Themes component. This can allow a remote attack...