Exposure of Ghost
Blogs, CMS65
exposure score
3,177
sites use
0
exploited
7
critical
CVEs
31 resultsCVE-2026-24778HIGHGhost vulnerable to XSS via malicious Portal preview linksEPSS 0.3%CVE-2026-53943CRITICALGhost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview headerEPSS 0.2%CVE-2026-53949MEDIUMGhost Content API filter bypass reveals private fieldsEPSS 0.2%CVE-2026-53947MEDIUMGhost: Member existence leak via magic link sign-in responseEPSS 0.2%CVE-2026-53950HIGH@tryghost/activitypub: XSS in Ghost's ActivityPub clientEPSS 0.2%CVE-2026-53944MEDIUMGhost: Private IP filtering bypass to make server-side requests to internal servicesEPSS 0.2%CVE-2026-26365MEDIUMAkamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles processing of custom hop-by-hop HTTP headers, where an incoming requestEPSS 0.2%CVE-2026-29784HIGHGhost: Incomplete CSRF protections around OTC useEPSS 0.2%CVE-2026-53945MEDIUMGhost: Server-side request forgery via DNS rebinding in external request handlingEPSS 0.1%CVE-2026-53948MEDIUMGhost: File Upload Content-Type SpoofingEPSS 0.1%CVE-2026-53946MEDIUMGhost: Mobiledoc image-size fetch SSRFEPSS 0.1%
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →