#web-injection

[ follow ]
#ghost-cms #cve-2026-26980 #sql-injection #clickfix
Information security
fromThe Hacker News
1 day ago

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

A critical Ghost CMS SQL injection flaw enables unauthenticated attackers to steal admin API keys and inject malicious JavaScript for ClickFix poisoning.
[ Load more ]