Litespeedtech Litespeed Web Server vulnerabilities
5 known vulnerabilities affecting litespeedtech/litespeed_web_server.
Total CVEs: 5
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 3
Vulnerabilities
CVE-2010-2333 | P3 | MEDIUM | CVSS 5.0 | PoC | v4.0, v4.0.1, +13 more | 2010-06-18 | CWE-200
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.
nvd
CVE-2026-31386 | P2 | HIGH | CVSS 8.6 | fixed in 6.3.5 | 2026-03-16 | CWE-78
OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.
nvd
CVE-2012-4871 | P4 | MEDIUM | CVSS 4.3 | PoC | v4.1.11 | 2012-09-06 | CWE-79
Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.
nvd
CVE-2025-54939 | P4 | HIGH | CVSS 7.5 | fixed in 6.3.4 | 2025-08-01 | CWE-770
LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.
nvd
CVE-2004-0112 | P4 | MEDIUM | CVSS 5.0 | v1.0.1 | 2004-11-23 | CWE-125
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
nvd