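This page lists publicly disclosed CVE vulnerabilities affecting litespeedtech litespeed_web_server (associated via NVD CPE). Each row includes a severity score, a summary, and the publication date, to help identify and analyze security issues.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |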
|---|---|---|---|---|---|---|
| CVE-2026-31386 | OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege. | [email protected] | 8.6 | 1.51% | 2026-03-16 | 2026-06-08 |
| CVE-2025-54939 | LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak. | [email protected] | 5.3 | 0.77% | 2025-08-01 | 2025-08-27 |
| CVE-2012-4871 | Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter. | [email protected] | 4.3 | 1.63% | 2012-09-06 | 2026-04-29 |
| CVE-2010-2333 | LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension. | [email protected] | 5.0 | 60.20% | 2010-06-18 | 2026-04-29 |
| CVE-2004-0112 | The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. | [email protected] | 5.0 | 10.42% | 2004-11-23 | 2026-04-16 |