Ghost

30 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.05%
  • Published 05.03.2026 05:51:41
  • Last modified 05.03.2026 19:38:33

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1.

  • EPSS 0.1%
  • Published 20.02.2026 01:00:51
  • Last modified 20.02.2026 19:22:53

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.

  • EPSS 0.01%
  • Published 27.01.2026 21:57:45
  • Last modified 02.02.2026 15:21:41

Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScrip...

  • EPSS 0.07%
  • Published 10.01.2026 02:57:36
  • Last modified 15.01.2026 18:36:01

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to ...

  • EPSS 0.11%
  • Published 10.01.2026 02:57:19
  • Last modified 15.01.2026 18:35:34

Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute a...

  • EPSS 0.03%
  • Published 10.01.2026 02:57:08
  • Last modified 15.01.2026 18:34:49

Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be acces...

  • EPSS 0.01%
  • Published 10.01.2026 02:56:47
  • Last modified 15.01.2026 18:12:10

Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0.

Exploit
  • EPSS 0.02%
  • Published 17.09.2025 15:02:01
  • Last modified 24.02.2026 18:36:18

Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources. This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.

  • EPSS 0.45%
  • Published 20.08.2024 15:15:24
  • Last modified 26.08.2024 18:31:26

Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46...

Exploit
  • EPSS 0.69%
  • Published 16.06.2024 22:15:09
  • Last modified 20.06.2025 18:06:23

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy t...