Lucene search
K
LitespeedtechLitespeed Web Server

5 matches found

CVE
CVE
added 2010/06/18 8:0 p.m.159 views

CVE-2010-2333

LiteSpeed Web Server 4.0.x prior to 4.0.15 is affected by CVE-2010-2333: an HTTP request containing a null byte followed by .txt can disclose the source code of scripts. This vulnerability enables an attacker to read server-side script sources, potentially exposing sensitive information. Impact i...

5CVSS9.2AI score0.60196EPSS
Web
CVE
CVE
added 2004/03/18 5:0 a.m.110 views

CVE-2004-0112

The CVE-2004-0112 issue affects OpenSSL 0.9.7a/b/c: during the SSL/TLS handshake, the Kerberos ciphersuite path fails to validate the Kerberos ticket length, enabling a remote attacker to cause a denial-of-service by triggering an out-of-bounds read. Public sources in connected documents confirm ...

5CVSS7.2AI score0.10424EPSS
CVE
CVE
added 2012/09/06 9:0 p.m.49 views

CVE-2012-4871

CVE-2012-4871 affects LiteSpeed Web Server 4.1.11, with an XSS in the administrator panel via the gtitle parameter of service/graph_html.php. The vulnerability allows remote attackers to inject arbitrary web scripts/HTML. Documents do not provide exploitation details or a confirmed patch; remedia...

4.3CVSS5.8AI score0.01633EPSS
Web
CVE
CVE
added 2025/08/01 12:0 a.m.39 views

CVE-2025-54939

CVE-2025-54939 affects the LiteSpeed QUIC (LSQUIC) Library prior to 4.3.1, where a memory leak in the lsquic_engine_packet_in path can cause linear memory growth and potential DoS. The vulnerability is triggered by mis-handling coalesced QUIC Initial packets before a handshake, leading to memory ...

7.5CVSS7.2AI score0.00766EPSS
CVE
CVE
added 2026/03/16 5:21 a.m.20 views

CVE-2026-31386

OpenLiteSpeed and LSWS Enterprise (LiteSpeed Technologies) are affected by CVE-2026-31386, an OS command injection (CWE-78). The vulnerability allows an arbitrary OS command to be executed by an attacker with administrative privileges. Public sources corroborate impact as arbitrary command execut...

8.6CVSS7.1AI score0.01513EPSS