📦 Ghost
by Ghost
⚠️ Known Vulnerabilities
CVE-2026-26980 is an SQL injection vulnerability in Ghost CMS that allows unauthenticated attackers to read arbitrary data from the database. This affects Ghost versions 3.24.0 through 6.19.0. The vul...
Ghost CMS versions up to 5.76.0 contain a stored cross-site scripting (XSS) vulnerability in SVG profile picture uploads. A contributor-level attacker can upload malicious SVG files containing JavaScr...
CVE-2022-28397 is an arbitrary file upload vulnerability in Ghost CMS v4.42.0 that allows attackers to upload malicious files and potentially execute arbitrary code on the server. This affects Ghost C...
CVE-2022-27139 is an arbitrary file upload vulnerability in Ghost CMS v4.39.0 that allows authenticated users to upload SVG files containing malicious JavaScript. This primarily affects Ghost administ...
This is a cross-site scripting (XSS) vulnerability in Ghost CMS that allows attackers to craft malicious links. When authenticated staff users or members click these links, JavaScript executes with th...
This vulnerability in Ghost CMS allows attackers to brute-force filter parameters on public API endpoints to reveal private fields like passwords and emails. Self-hosted Ghost instances below version ...
CVE-2023-32235 is a directory traversal vulnerability in Ghost CMS that allows remote attackers to read arbitrary files within the active theme's folder. Attackers can exploit this by manipulating URL...
A Server-Side Request Forgery (SSRF) vulnerability in Ghost allows attackers to make the server send requests to internal resources that should not be accessible. This affects Ghost installations from...
Ghost CMS versions 4.46.0 through 5.89.4 have improper authentication on certain member action endpoints, allowing attackers to perform member-only actions and access member information without proper...