Vulnerabilities > Litespeedtech > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-14 | CVE-2023-40518 | Unspecified vulnerability in Litespeedtech Openlitespeed LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers. | 7.5 |
2023-05-25 | CVE-2022-46800 | Cross-Site Request Forgery (CSRF) vulnerability in Litespeedtech Litespeed Cache Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache plugin <= 5.3 versions. | 8.8 |
2022-10-27 | CVE-2022-0073 | Improper Input Validation vulnerability in Litespeedtech Openlitespeed Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. | 8.8 |
2022-10-27 | CVE-2022-0074 | Untrusted Search Path vulnerability in Litespeedtech Openlitespeed Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. | 8.8 |
2022-05-11 | CVE-2022-30592 | NULL Pointer Dereference vulnerability in Litespeedtech Lsquic liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY. | 7.5 |
2020-01-06 | CVE-2020-5519 | Improper Input Validation vulnerability in Litespeedtech Openlitespeed The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen. | 7.5 |