TODAY , four active exploits were detected, including vulnerabilities in JoomShaper SP Page Builder, Langflow, Joomlack Page Builder, and Adobe ColdFusion. A critical cache poisoning vulnerability (CVE-2026-53943) was identified in Ghost (npm), affecting versions 4.0.0 to 6.36.0, with a CVSS score of 9.6. The flaw allows unauthenticated attackers to inject malicious content that could hijack staff accounts, especially when using shared caching systems like Fastly and Cloudflare.
Ghost has released a patch (version 6.37.0) to fix the issue, and immediate updates are recommended for affected users. There is no confirmed exploitation reported yet.