Lucene search
K

5 matches found

OSV
OSV
added 2026/01/13 8:40 a.m.3 views

BIT-GHOST-2026-22596 Ghost has SQL Injection in Members Activity Feed

Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has been patched in...

7.2CVSS7.4AI score0.00413EPSS
Exploits0References4
NVD
NVD
added 2026/01/10 3:15 a.m.7 views

CVE-2026-22596

Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has been patched in...

7.2CVSS0.00413EPSS
Exploits0References3
OSV
OSV
added 2026/01/10 2:57 a.m.5 views

CVE-2026-22596 Ghost has SQL Injection in Members Activity Feed

Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has been patched in...

6.7CVSS7.2AI score0.00413EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/10 12:0 a.m.8 views

PT-2026-2218

Name of the Vulnerable Software and Affected Versions Ghost versions 5.90.0 through 5.130.5 Ghost versions 6.0.0 through 6.10.3 Description Ghost is a Node.js content management system. A flaw in the /ghost/api/admin/members/events API endpoint permits authenticated Admin API users to execute...

7.2CVSS7.2AI score0.00413EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.4 views

Ghost SQL注入漏洞

Ghost is a hosting service of Ghost open source. An SQL injection vulnerability exists in Ghost versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, which stems from a flaw in the /ghost/api/admin/members/events endpoint that could lead to the execution of arbitrary SQL by a user who has...

7.2CVSS7.8AI score0.00413EPSS
Exploits0References3
Rows per page
Query Builder