ghost

Top products

The 15 most recently published vulnerabilities affecting ghost.

• CVE-2026-29784Ghost: Incomplete CSRF protections around OTC use7.5Mar 7, 2026
• CVE-2026-26980Ghost has a SQL Injection in its Content API9.4Feb 20, 2026
• CVE-2026-24778Ghost vulnerable to XSS via malicious Portal preview links8.8Jan 27, 2026
• CVE-2026-22597Ghost has SSRF via External Media Inliner2.7Jan 10, 2026
• CVE-2026-22596Ghost has SQL Injection in Members Activity Feed6.7Jan 10, 2026
• CVE-2026-22595Ghost has Staff Token permission bypass8.1Jan 10, 2026
• CVE-2026-22594Ghost has Staff 2FA bypass8.1Jan 10, 2026
• CVE-2025-9862Ghost 6.0.6 - SSRF via oEmbed Bookmark6.5Sep 17, 2025
• CVE-2024-43409Ghost's improper authentication allows access to member information and actions6.5Aug 20, 2024
• CVE-2024-34451Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is ...9.1Jun 16, 2024
• CVE-2024-34448Ghost before 5.82.0 allows CSV Injection during a member CSV export.8.8May 22, 2024
• CVE-2024-23724Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact wit...9.0Feb 11, 2024
• CVE-2024-23725Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.6.1Jan 21, 2024
• CVE-2023-40028Arbitrary file read via symlinks in Ghost4.9Aug 15, 2023
• CVE-2023-31133Ghost vulnerable to disclosure of private API fields7.5May 8, 2023