litespeedtech openlitespeed CVE 漏洞(13)

CVE 數: 13 CPE versions: View versions table

摘要

本頁列出影響 litespeedtech openlitespeed 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。

顯示 11313 CVE 數
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2026-31386 OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege. [email protected] 8.6 1.51% 2026-03-16 2026-06-17
CVE-2021-47855 Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the Default Icon. [email protected] 5.1 0.24% 2026-01-21 2026-06-17
CVE-2025-54939 LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak. [email protected] 5.3 0.77% 2025-08-01 2026-06-17
CVE-2024-31617 OpenLiteSpeed before 1.8.1 mishandles chunked encoding. [email protected] 5.3 0.44% 2024-05-22 2026-06-17
CVE-2023-40518 LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers. [email protected] 7.5 0.55% 2023-08-14 2026-06-17
CVE-2022-0074 Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1. [email protected] 8.8 1.15% 2022-10-27 2026-06-17
CVE-2022-0073 Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1. [email protected] 8.8 8.66% 2022-10-27 2026-06-17
CVE-2022-0072 Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1 [email protected] 5.8 0.97% 2022-10-27 2026-06-17
CVE-2021-26758 Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system. [email protected] 8.8 2.71% 2021-04-07 2026-06-16
CVE-2020-5519 The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen. [email protected] 9.8 1.20% 2020-01-06 2026-06-16
CVE-2018-19792 The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked with a long command name (involving ../ characters), which is mishandled in the LshttpdMain::getServerRootFromExecutablePath function. [email protected] 6.7 0.43% 2018-12-03 2026-06-16
CVE-2018-19791 The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substring. [email protected] 6.5 1.24% 2018-12-03 2026-06-16
CVE-2015-3890 Use-after-free vulnerability in Open Litespeed before 1.3.10. [email protected] 7.5 1.06% 2017-09-20 2026-06-16
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
cvelogic Threat Intelligence