CVE Tools

litespeedtech

Networking Infrastructurecommercial

13

Cumulative CVEs

6

Monthly snapshots

#96

Peak rank

Top products

litespeed cache5

Latest CVEs

The 15 most recently published vulnerabilities affecting litespeedtech.

CVE-2026-54420LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running C...KEV8.5Jun 14, 2026
CVE-2026-3375LiteSpeed Cache <= 7.7 - Unauthenticated Stored Cross-Site Scripting via QUIC.cloud CCSS/UCSS REST API Endpoints7.2May 27, 2026
CVE-2026-48172LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpanel_jso...KEV9.8May 21, 2026
CVE-2026-31386OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative pr...7.2Mar 16, 2026
CVE-2025-12450LiteSpeed Cache <= 7.5.0.1 - Reflected Cross-Site Scripting6.1Oct 29, 2025
CVE-2025-54939LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.5.3Aug 1, 2025
CVE-2025-24947A hash collision vulnerability (in the hash table used to manage connections) in LSQUIC (aka LiteSpeed QUIC) before 4.2.0 allows remote attackers to cause a considerable CPU load on the server (a H...5.3Feb 20, 2025
CVE-2024-50550WordPress LiteSpeed Cache plugin <= 6.5.1 - Privilege Escalation vulnerability8.1Oct 29, 2024
CVE-2024-44000WordPress LiteSpeed Cache plugin < 6.5.0.1 - Unauthenticated Account Takeover via Cookie Leak vulnerability9.8Oct 20, 2024
CVE-2024-47637WordPress LiteSpeed Cache plugin <= 6.4.1 - Path Traversal vulnerability8.8Oct 16, 2024
CVE-2024-47373WordPress LiteSpeed Cache plugin <= 6.5.0.2 - Cross Site Scripting (XSS) vulnerability6.5Oct 5, 2024
CVE-2024-47374WordPress LiteSpeed Cache plugin <= 6.5.0.2 - Cross Site Scripting (XSS) vulnerability7.1Oct 5, 2024
CVE-2024-9169litespeed cache <= 6.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting5.5Sep 25, 2024
CVE-2024-28000WordPress LiteSpeed Cache plugin <= 6.3.0.1 - Unauthenticated Privilege Escalation vulnerability9.8Aug 21, 2024
CVE-2024-3246LiteSpeed Cache <= 6.2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting6.1Jul 24, 2024