tryghost
Web & CMS Pluginscommercial
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting tryghost.
- CVE-2026-53943Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header9.6
- CVE-2026-53944Ghost: Private IP filtering bypass to make server-side requests to internal services5.8
- CVE-2026-53945Ghost: Server-side request forgery via DNS rebinding in external request handling4.0
- CVE-2026-53946Ghost: Mobiledoc image-size fetch SSRF5.4
- CVE-2026-53947Ghost: Member existence leak via magic link sign-in response5.3
- CVE-2026-53948Ghost: File Upload Content-Type Spoofing5.4
- CVE-2026-53949Ghost Content API filter bypass reveals private fields5.3
- CVE-2026-53950@tryghost/activitypub: XSS in Ghost's ActivityPub client7.5
- CVE-2026-29784Ghost: Incomplete CSRF protections around OTC use7.5
- CVE-2026-29053Ghost Vulnerable to Remote Code Execution via Malicious Themes7.6
- CVE-2026-26980Ghost has a SQL Injection in its Content API9.4
- CVE-2026-24778Ghost vulnerable to XSS via malicious Portal preview links8.8
- CVE-2026-22597Ghost has SSRF via External Media Inliner2.7
- CVE-2026-22596Ghost has SQL Injection in Members Activity Feed6.7
- CVE-2026-22595Ghost has Staff Token permission bypass8.1