Search Results (6 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-47903 2 Litespeed Technologies, Litespeedtech 2 Litespeed Web Server, Litespeed Web Server 2026-07-15 8.8 High
LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path traversal and bash command injection.
CVE-2026-31386 2 Litespeed Technologies, Litespeedtech 4 Lsws Enterprise, Openlitespeed, Litespeed Web Server and 1 more 2026-06-18 N/A
OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.
CVE-2004-0112 24 4d, Apple, Avaya and 21 more 65 Webstar, Mac Os X, Mac Os X Server and 62 more 2026-04-16 N/A
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
CVE-2025-54939 1 Litespeedtech 4 Litespeed Web Adc, Litespeed Web Server, Lsquic and 1 more 2025-08-27 5.3 Medium
LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.
CVE-2010-2333 1 Litespeedtech 1 Litespeed Web Server 2025-04-11 N/A
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.
CVE-2012-4871 1 Litespeedtech 1 Litespeed Web Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.