Known Vulnerabilities for products from Litespeedtech
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Litespeedtech".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2024-50550 json | Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escal... | Not Provided | 2024-10-29 | 2026-04-01 |
| CVE-2024-47637 json | Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Path Traversal.This is... | Not Provided | 2024-10-16 | 2026-04-01 |
| CVE-2024-47374 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies ... | Not Provided | 2024-10-05 | 2026-04-01 |
| CVE-2024-47373 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies ... | Not Provided | 2024-10-05 | 2026-04-01 |
| CVE-2024-44000 json | Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentic... | Not Provided | 2024-10-20 | 2026-04-01 |
| CVE-2023-40518 json | LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers. | 7.5 - HIGH | 2023-08-14 | 2023-08-22 |
| CVE-2023-4372 json | The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up ... | Not Provided | 2024-01-11 | 2026-04-08 |
| CVE-2022-46800 json | Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache plugin <= 5.3 versions. | 8.8 - HIGH | 2023-05-25 | 2023-05-31 |
| CVE-2022-30592 json | liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY. | 9.8 - CRITICAL | 2022-05-11 | 2022-05-20 |
| CVE-2022-0074 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-10-27 | 2023-11-07 |
| CVE-2022-0073 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-10-27 | 2023-11-07 |
| CVE-2022-0072 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.8 - MEDIUM | 2022-10-27 | 2023-11-07 |
| CVE-2021-26758 json | Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal ... | 8.8 - HIGH | 2021-04-07 | 2021-04-12 |
| CVE-2021-24964 json | The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, ... | 6.1 - MEDIUM | 2022-01-03 | 2022-01-08 |
| CVE-2021-24963 json | The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before outputting it back in the JS co... | 4.8 - MEDIUM | 2022-01-03 | 2022-01-08 |
| CVE-2020-29172 json | A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the ... | 6.1 - MEDIUM | 2020-12-26 | 2020-12-28 |
| CVE-2020-5519 json | The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Conf... | 9.8 - CRITICAL | 2020-01-06 | 2020-01-15 |
| CVE-2018-19792 json | The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or p... | 6.7 - MEDIUM | 2018-12-03 | 2019-01-31 |
| CVE-2018-19791 json | The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an att... | 6.5 - MEDIUM | 2018-12-03 | 2019-02-05 |
| CVE-2015-3890 json | Use-after-free vulnerability in Open Litespeed before 1.3.10. | 7.5 - HIGH | 2017-09-20 | 2020-07-31 |
Known software with vulnerabilities from Litespeedtech
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Litespeedtech | Litespeed Cache | - |
| Application | Litespeedtech | Litespeed Web Server | 4.0 |
| Application | Litespeedtech | Openlitespeed | 1.0 |