Search
Search Results (12 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47437 | 2 Litespeed Technologies, Wordpress | 2 Litespeed Cache, Wordpress | 2026-04-01 | N/A |
| Server-Side Request Forgery (SSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache.This issue affects LiteSpeed Cache: from n/a through <= 7.0.1. | ||||
| CVE-2024-50550 | 2 Litespeed Technologies, Litespeedtech | 2 Litespeed Cache, Litespeed Cache | 2026-04-01 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through <= 6.5.1. | ||||
| CVE-2024-47637 | 2 Litespeed Technologies, Litespeedtech | 2 Litespeed Cache, Litespeed Cache | 2026-04-01 | 8.8 High |
| Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Path Traversal.This issue affects LiteSpeed Cache: from n/a through <= 6.4.1. | ||||
| CVE-2024-47374 | 2 Litespeed Technologies, Litespeedtech | 2 Litespeed Cache, Litespeed Cache | 2026-04-01 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through <= 6.5.0.2. | ||||
| CVE-2024-47373 | 3 Litespeed Technologies, Litespeedtech, Wordpress | 3 Litespeed Cache, Litespeed Cache, Wordpress | 2026-04-01 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through <= 6.5.0.2. | ||||
| CVE-2024-51915 | 2 Litespeed Technologies, Wordpress | 2 Litespeed Cache, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through <= 6.5.2. | ||||
| CVE-2026-31386 | 1 Litespeed Technologies | 2 Lsws Enterprise, Openlitespeed | 2026-03-24 | N/A |
| OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege. | ||||
| CVE-2021-47855 | 2 Litespeed Technologies, Litespeedtech | 2 Openlitespeed, Openlitespeed | 2026-03-05 | 7.2 High |
| Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the Default Icon. | ||||
| CVE-2021-47903 | 1 Litespeed Technologies | 1 Litespeed Web Server | 2026-01-26 | 8.8 High |
| LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path traversal and bash command injection. | ||||
| CVE-2023-45000 | 2 Litespeed Technologies, Wordpress | 2 Litespeed Cache, Wordpress | 2025-07-12 | 8.2 High |
| Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache.This issue affects LiteSpeed Cache: from n/a through 5.7. | ||||
| CVE-2007-5654 | 1 Litespeed Technologies | 1 Litespeed Web Server | 2025-04-09 | N/A |
| LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection." | ||||
| CVE-2005-3695 | 1 Litespeed Technologies | 1 Litespeed Web Server | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php in LiteSpeed Web Server 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the m parameter. | ||||
Page 1 of 1.