Vulnerabilities > Ghost > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-03-16 CVE-2022-43441 Improper Control of Dynamically-Managed Code Resources vulnerability in Ghost Sqlite3
A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1.
network
low complexity
ghost CWE-913
critical
 9.8
9.8
2022-04-12 CVE-2022-28397 Unrestricted Upload of File with Dangerous Type vulnerability in Ghost 4.42.0
An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file.
network
low complexity
ghost CWE-434
critical
 9.8
9.8
2022-04-12 CVE-2022-27139 Unrestricted Upload of File with Dangerous Type vulnerability in Ghost 4.39.0
An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file.
network
low complexity
ghost CWE-434
critical
 9.8
9.8