Vendor CVEs
Tryghost
All CVEs
43 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-26980 | Cri | 0.63 | 9.4 | 0.70 | Feb 20, 2026 | Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1. | ||
| CVE-2024-34559 | Hig | 0.49 | 7.5 | 0.01 | May 14, 2024 | Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost.This issue affects Ghost: from n/a through 1.4.0. | ||
| CVE-2025-9992 | Med | 0.35 | 6.4 | 0.00 | Sep 18, 2025 | The Ghost Kit – Page Builder Blocks, Motion Effects & Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS field in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it… | ||
| CVE-2025-54142 | Med | 0.26 | 4.0 | 0.00 | Aug 29, 2025 | Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin server violates certain… | ||
| CVE-2025-32094 | Med | 0.26 | 4.0 | 0.01 | Aug 7, 2025 | An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can lead to a discrepancy in how two… | ||
| CVE-2026-22597 | Low | 0.11 | 2.7 | 0.00 | Jan 10, 2026 | Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from… | ||
| CVE-2024-23724 | 0.03 | — | 0.03 | Feb 11, 2024 | Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that "The… | |||
| CVE-2023-40028 | 0.01 | — | 0.58 | Aug 15, 2023 | Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site… | |||
| CVE-2022-41697 | 0.01 | — | 0.20 | Dec 23, 2022 | A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability. | |||
| CVE-2026-53943 | 0.00 | — | 0.00 | Jun 24, 2026 | Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being shared between different visitors, an unauthenticated user could send an x-ghost-preview header that altered the rendered frontend… | |||
| CVE-2026-53945 | 0.00 | — | 0.00 | Jun 24, 2026 | Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing an attacker to coerce the Ghost server into reaching hosts on internal networks through features that issue… | |||
| CVE-2026-53946 | 0.00 | — | 0.00 | Jun 24, 2026 | Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, when re-rendering posts, Ghost would refetch missing image dimensions by issuing an outbound HTTP request to the URL stored on an image card — without restricting that URL to trusted image hosts. An… | |||
| CVE-2026-53947 | 0.00 | — | 0.00 | Jun 24, 2026 | Ghost is a Node.js content management system. From 5.18.0 until 6.21.1, a discrepancy in responses from the members signin endpoints made it possible for an unauthenticated attacker to determine whether a given email address belongs to a registered member of a Ghost site. This… | |||
| CVE-2026-53948 | 0.00 | — | 0.00 | Jun 24, 2026 | Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, insufficient validation of the client-supplied Content-Type on Ghost's Admin API file upload endpoint allowed uploaded files to be served from the site with an attacker-chosen content type on S3/GCS storage… | |||
| CVE-2026-53949 | 0.00 | — | 0.00 | Jun 24, 2026 | Ghost is a Node.js content management system. From 5.46.1 until 6.21.2, the validation applied to filters on the public API endpoints could be partially bypassed, making it possible to reveal private fields via a brute force attack. If SQLite was used as the database password… | |||
| CVE-2026-53950 | 0.00 | — | 0.00 | Jun 24, 2026 | @tryghost/activitypub is Ghost’s social/federation client app. Prior to 3.1.0, the ActivityPub client in Ghost was vulnerable to JavaScript injection on posts shared by a maliciously customised ActivityPub server. This vulnerability is fixed in 3.1.0. | |||
| CVE-2026-29784 | 0.00 | — | 0.00 | Mar 7, 2026 | Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to… | |||
| CVE-2026-29053 | 0.00 | — | 0.00 | Mar 5, 2026 | Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1. | |||
| CVE-2026-24778 | 0.00 | — | 0.00 | Jan 27, 2026 | Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's… | |||
| CVE-2026-22596 | 0.00 | — | 0.00 | Jan 10, 2026 | Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has… | |||
| CVE-2026-22595 | 0.00 | — | 0.00 | Jan 10, 2026 | Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session… | |||
| CVE-2026-22594 | 0.00 | — | 0.00 | Jan 10, 2026 | Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0. | |||
| CVE-2025-66373 | 0.00 | — | 0.00 | Dec 4, 2025 | Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing error that can result in HTTP request smuggling. When Akamai Ghost receives an invalid chunked body that includes a chunk size different from the actual size of the following chunk… | |||
| CVE-2025-9862 | 0.00 | — | 0.00 | Sep 17, 2025 | Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3. | |||
| CVE-2025-2056 | 0.00 | — | 0.01 | Mar 14, 2025 | The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 5.4.01 via the showFile function. This makes it possible for unauthenticated attackers to read the contents of specific file types… | |||
| CVE-2025-27092 | 0.00 | — | 0.01 | Feb 19, 2025 | GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. A path traversal vulnerability was discovered in GHOSTS version 8.0.0.0 that allows an attacker to access files outside of the intended directory through the photo… | |||
| CVE-2024-43409 | 0.00 | — | 0.00 | Aug 20, 2024 | Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains… | |||
| CVE-2024-34451 | 0.00 | — | 0.01 | Jun 16, 2024 | Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted… | |||
| CVE-2024-34448 | 0.00 | — | 0.01 | May 22, 2024 | Ghost before 5.82.0 allows CSV Injection during a member CSV export. | |||
| CVE-2024-23725 | 0.00 | — | 0.00 | Jan 21, 2024 | Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries. | |||
| CVE-2023-31133 | 0.00 | — | 0.46 | May 8, 2023 | Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private… | |||
| CVE-2023-26510 | 0.00 | — | 0.01 | Mar 5, 2023 | Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this… | |||
| CVE-2022-47197 | 0.00 | — | 0.01 | Jan 19, 2023 | An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To… | |||
| CVE-2022-47196 | 0.00 | — | 0.01 | Jan 19, 2023 | An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To… | |||
| CVE-2022-47195 | 0.00 | — | 0.01 | Jan 19, 2023 | An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To… | |||
| CVE-2022-47194 | 0.00 | — | 0.01 | Jan 19, 2023 | An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To… | |||
| CVE-2022-41654 | 0.00 | — | 0.19 | Dec 23, 2022 | An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. | |||
| CVE-2022-27139 | 0.00 | — | 0.04 | Apr 12, 2022 | An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated… | |||
| CVE-2021-39192 | 0.00 | — | 0.01 | Sep 3, 2021 | Ghost is a Node.js content management system. An error in the implementation of the limits service between versions 4.0.0 and 4.9.4 allows all authenticated users (including contributors) to view admin-level API keys via the integrations API endpoint, leading to a privilege… | |||
| CVE-2021-32817 | 0.00 | — | 0.01 | May 14, 2021 | express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This… | |||
| CVE-2021-29484 | 0.00 | — | 0.08 | Apr 29, 2021 | Ghost is a Node.js CMS. An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Users do not need to enter… | |||
| CVE-2020-35185 | 0.00 | — | 0.03 | Dec 17, 2020 | The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user. System using the ghost docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||
| CVE-2020-8134 | 0.00 | — | 0.01 | Mar 20, 2020 | Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems. |
- risk 0.63cvss 9.4epss 0.70
Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.
- risk 0.49cvss 7.5epss 0.01
Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost.This issue affects Ghost: from n/a through 1.4.0.
- risk 0.35cvss 6.4epss 0.00
The Ghost Kit – Page Builder Blocks, Motion Effects & Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS field in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it…
- risk 0.26cvss 4.0epss 0.00
Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin server violates certain…
- risk 0.26cvss 4.0epss 0.01
An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can lead to a discrepancy in how two…
- risk 0.11cvss 2.7epss 0.00
Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from…
- CVE-2024-23724Feb 11, 2024risk 0.03cvss —epss 0.03
Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that "The…
- CVE-2023-40028Aug 15, 2023risk 0.01cvss —epss 0.58
Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site…
- CVE-2022-41697Dec 23, 2022risk 0.01cvss —epss 0.20
A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability.
- CVE-2026-53943Jun 24, 2026risk 0.00cvss —epss 0.00
Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being shared between different visitors, an unauthenticated user could send an x-ghost-preview header that altered the rendered frontend…
- CVE-2026-53945Jun 24, 2026risk 0.00cvss —epss 0.00
Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing an attacker to coerce the Ghost server into reaching hosts on internal networks through features that issue…
- CVE-2026-53946Jun 24, 2026risk 0.00cvss —epss 0.00
Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, when re-rendering posts, Ghost would refetch missing image dimensions by issuing an outbound HTTP request to the URL stored on an image card — without restricting that URL to trusted image hosts. An…
- CVE-2026-53947Jun 24, 2026risk 0.00cvss —epss 0.00
Ghost is a Node.js content management system. From 5.18.0 until 6.21.1, a discrepancy in responses from the members signin endpoints made it possible for an unauthenticated attacker to determine whether a given email address belongs to a registered member of a Ghost site. This…
- CVE-2026-53948Jun 24, 2026risk 0.00cvss —epss 0.00
Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, insufficient validation of the client-supplied Content-Type on Ghost's Admin API file upload endpoint allowed uploaded files to be served from the site with an attacker-chosen content type on S3/GCS storage…
- CVE-2026-53949Jun 24, 2026risk 0.00cvss —epss 0.00
Ghost is a Node.js content management system. From 5.46.1 until 6.21.2, the validation applied to filters on the public API endpoints could be partially bypassed, making it possible to reveal private fields via a brute force attack. If SQLite was used as the database password…
- CVE-2026-53950Jun 24, 2026risk 0.00cvss —epss 0.00
@tryghost/activitypub is Ghost’s social/federation client app. Prior to 3.1.0, the ActivityPub client in Ghost was vulnerable to JavaScript injection on posts shared by a maliciously customised ActivityPub server. This vulnerability is fixed in 3.1.0.
- CVE-2026-29784Mar 7, 2026risk 0.00cvss —epss 0.00
Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to…
- CVE-2026-29053Mar 5, 2026risk 0.00cvss —epss 0.00
Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1.
- CVE-2026-24778Jan 27, 2026risk 0.00cvss —epss 0.00
Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's…
- CVE-2026-22596Jan 10, 2026risk 0.00cvss —epss 0.00
Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has…
- CVE-2026-22595Jan 10, 2026risk 0.00cvss —epss 0.00
Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session…
- CVE-2026-22594Jan 10, 2026risk 0.00cvss —epss 0.00
Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0.
- CVE-2025-66373Dec 4, 2025risk 0.00cvss —epss 0.00
Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing error that can result in HTTP request smuggling. When Akamai Ghost receives an invalid chunked body that includes a chunk size different from the actual size of the following chunk…
- CVE-2025-9862Sep 17, 2025risk 0.00cvss —epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.
- CVE-2025-2056Mar 14, 2025risk 0.00cvss —epss 0.01
The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 5.4.01 via the showFile function. This makes it possible for unauthenticated attackers to read the contents of specific file types…
- CVE-2025-27092Feb 19, 2025risk 0.00cvss —epss 0.01
GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. A path traversal vulnerability was discovered in GHOSTS version 8.0.0.0 that allows an attacker to access files outside of the intended directory through the photo…
- CVE-2024-43409Aug 20, 2024risk 0.00cvss —epss 0.00
Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains…
- CVE-2024-34451Jun 16, 2024risk 0.00cvss —epss 0.01
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted…
- CVE-2024-34448May 22, 2024risk 0.00cvss —epss 0.01
Ghost before 5.82.0 allows CSV Injection during a member CSV export.
- CVE-2024-23725Jan 21, 2024risk 0.00cvss —epss 0.00
Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.
- CVE-2023-31133May 8, 2023risk 0.00cvss —epss 0.46
Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private…
- CVE-2023-26510Mar 5, 2023risk 0.00cvss —epss 0.01
Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this…
- CVE-2022-47197Jan 19, 2023risk 0.00cvss —epss 0.01
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To…
- CVE-2022-47196Jan 19, 2023risk 0.00cvss —epss 0.01
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To…
- CVE-2022-47195Jan 19, 2023risk 0.00cvss —epss 0.01
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To…
- CVE-2022-47194Jan 19, 2023risk 0.00cvss —epss 0.01
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To…
- CVE-2022-41654Dec 23, 2022risk 0.00cvss —epss 0.19
An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.
- CVE-2022-27139Apr 12, 2022risk 0.00cvss —epss 0.04
An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated…
- CVE-2021-39192Sep 3, 2021risk 0.00cvss —epss 0.01
Ghost is a Node.js content management system. An error in the implementation of the limits service between versions 4.0.0 and 4.9.4 allows all authenticated users (including contributors) to view admin-level API keys via the integrations API endpoint, leading to a privilege…
- CVE-2021-32817May 14, 2021risk 0.00cvss —epss 0.01
express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This…
- CVE-2021-29484Apr 29, 2021risk 0.00cvss —epss 0.08
Ghost is a Node.js CMS. An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Users do not need to enter…
- CVE-2020-35185Dec 17, 2020risk 0.00cvss —epss 0.03
The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user. System using the ghost docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
- CVE-2020-8134Mar 20, 2020risk 0.00cvss —epss 0.01
Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems.