CVE-2026-31386
- EPSS 1.51%
- Veröffentlicht 16.03.2026 05:21:13
- Zuletzt bearbeitet 08.06.2026 13:14:09
OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.
CVE-2025-54939
- EPSS 0.77%
- Veröffentlicht 01.08.2025 00:00:00
- Zuletzt bearbeitet 27.08.2025 15:52:46
LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.
CVE-2012-4871
- EPSS 1.63%
- Veröffentlicht 06.09.2012 21:55:01
- Zuletzt bearbeitet 16.06.2026 23:45:49
Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.
- EPSS 60.2%
- Veröffentlicht 18.06.2010 20:30:01
- Zuletzt bearbeitet 16.06.2026 23:20:33
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.
- EPSS 10.42%
- Veröffentlicht 23.11.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:04:57
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a ...