Node JSfromNist15 hours agoNVDUnauthenticated attackers can read arbitrary database data in Ghost versions 3.24.0 through 6.19.0 via an SQL injection flaw, fixed in 6.19.1.
Information securityfromSecurityWeek1 day agoGhost CMS Vulnerability Exploited to Hack Over 700 WebsitesCVE-2026-26980 SQL injection in Ghost has been exploited at scale to steal Admin API keys and inject malicious JavaScript into unpatched sites.
Node JSfromNist15 hours agoNVDUnauthenticated attackers can read arbitrary database data in Ghost versions 3.24.0 through 6.19.0 via an SQL injection flaw, fixed in 6.19.1.
Information securityfromSecurityWeek1 day agoGhost CMS Vulnerability Exploited to Hack Over 700 WebsitesCVE-2026-26980 SQL injection in Ghost has been exploited at scale to steal Admin API keys and inject malicious JavaScript into unpatched sites.
Information securityfromThe Hacker News1 day agoGhost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix AttacksA critical Ghost CMS SQL injection flaw enables unauthenticated attackers to steal admin API keys and inject malicious JavaScript for ClickFix poisoning.