459 matches found
CVE-2022-0072
Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1...
CVE-2022-30592
liblsquic/lsquicqenchdl.c in LiteSpeed QUIC aka LSQUIC before 3.1.0 mishandles MAXTABLECAPACITY...
CVE-2021-24963
The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qcres parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2021-24964
The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoint could be used to set CSS code if...
CVE-2020-29172
A cross-site scripting XSS vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting...
WordPress LiteSpeed Cache plugin <= 7.0.1 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by TaiYou in WordPress Plugin LiteSpeed Cache versions = 7.0.1...
Litespeed Cache 6.5.0.1 Authentication Bypass
Litespeed Cache version 6.5.0.1 suffers from an authentication bypass vulnerability. Exploit Title: Litespeed unauthorized account takeover Google Dork: if applicable Date: reported on 17 September 2024 Exploit Author: Gnzls Vendor Homepage: https://www.litespeedtech.com/ Software Link:...
Litespeed Cache 6.5.0.1 - Authentication Bypass
Exploit Title: Litespeed Cache 6.5.0.1 - Authentication Bypass Google Dork: if applicable Date: reported on 17 September 2024 Exploit Author: Gnzls Vendor Homepage: https://www.litespeedtech.com/ Software Link: https://github.com/gbrsh/CVE-2024-44000?tab=readme-ov-file Version: 6.5.0.1 Tested on:...
VulnCheck KEV: CVE-2022-0073
Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1...
VulnCheck KEV: CVE-2022-0074
Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1...
VulnCheck KEV: CVE-2024-47374
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through = 6.5.0.2...
VulnCheck KEV: CVE-2024-44000
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through 6.5.0.1...
CVE-2025-24947
A hash collision vulnerability in the hash table used to manage connections in LSQUIC aka LiteSpeed QUIC before 4.2.0 allows remote attackers to cause a considerable CPU load on the server a Hash DoS attack by initiating connections with colliding Source Connection IDs SCIDs. This is caused by...
CVE-2025-24947
A hash collision vulnerability in the hash table used to manage connections in LSQUIC aka LiteSpeed QUIC before 4.2.0 allows remote attackers to cause a considerable CPU load on the server a Hash DoS attack by initiating connections with colliding Source Connection IDs SCIDs. This is caused by...
Litespeed Technologie LiteSpeed QUIC(LSQUIC) 安全漏洞
Litespeed Technologie LiteSpeed QUIC LSQUIC is an open source implementation of QUIC and HTTP/3 functionality for servers and clients from Litespeed Technologie, USA. A security vulnerability exists in Litespeed Technologie LiteSpeed QUIC LSQUIC prior to version 4.2.0 that stems from the presence...
CVE-2025-24947
CVE-2025-24947 (LSQUIC) : LSQUIC (LiteSpeed QUIC) versions prior to 4.2.0 are affected by a hash collision vulnerability in the hash table used to manage connections. Remote attackers can trigger a Hash DoS by initiating connections with colliding Source Connection IDs (SCIDs) due to XXH32 usage,...
CVE-2022-0073
Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1...
CVE-2024-47637
Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Path Traversal.This issue affects LiteSpeed Cache: from n/a through = 6.4.1...
CVE-2024-50550
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through = 6.5.1...
CVE-2024-28000
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache.This issue affects LiteSpeed Cache: from n/a through = 6.3.0.1...