Node JSfromNist3 days agoNVDUnauthenticated attackers can read arbitrary database data in Ghost versions 3.24.0 through 6.19.0 via an SQL injection flaw, fixed in 6.19.1.
Information securityfromSecurityWeek4 days agoGhost CMS Vulnerability Exploited to Hack Over 700 WebsitesCVE-2026-26980 SQL injection in Ghost has been exploited at scale to steal Admin API keys and inject malicious JavaScript into unpatched sites.
Node JSfromNist3 days agoNVDUnauthenticated attackers can read arbitrary database data in Ghost versions 3.24.0 through 6.19.0 via an SQL injection flaw, fixed in 6.19.1.
Information securityfromSecurityWeek4 days agoGhost CMS Vulnerability Exploited to Hack Over 700 WebsitesCVE-2026-26980 SQL injection in Ghost has been exploited at scale to steal Admin API keys and inject malicious JavaScript into unpatched sites.
Information securityfromThe Hacker News4 days agoGhost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix AttacksA critical Ghost CMS SQL injection flaw enables unauthenticated attackers to steal admin API keys and inject malicious JavaScript for ClickFix poisoning.