Browse all 6 CVE security advisories affecting QOS.CH Sarl. AI-powered Chinese analysis, POCs, and references for each vulnerability.
QOS.CH Sarl develops the popular web server software Lighttpd, primarily used for serving static and dynamic content efficiently. Historically, their vulnerabilities have commonly included remote code execution flaws, cross-site scripting issues, and privilege escalation weaknesses. The software has faced several security incidents over the years, with six CVEs recorded to date, highlighting ongoing challenges in secure web server development. Their products typically serve high-traffic environments where security vulnerabilities could lead to significant compromises. The company maintains a moderate security posture relative to other web server vendors, with vulnerabilities typically addressed in subsequent releases following responsible disclosure practices.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1225 | Malicious logback.xml configuration file allows instantiation of arbitrary classes — Logback-coreCWE-20 | 7.5AI | HighAI | 2026-01-22 |
| CVE-2025-11226 | Conditional processing of logback.xml configuration file, in conjuction with Spring Framework and Janino — Logback-coreCWE-20 | 7.5AI | HighAI | 2025-10-01 |
| CVE-2024-12801 | SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks — logbackCWE-918 | 7.5 | - | 2024-12-19 |
| CVE-2024-12798 | JaninoEventEvaluator vulnerability — Logback-coreCWE-917 | 8.4 | - | 2024-12-19 |
| CVE-2023-6481 | Logback "receiver" DOS vulnerability CVE-2023-6378 incomplete fix — logback | 7.1 | High | 2023-12-04 |
| CVE-2023-6378 | Logback "receiver" DOS vulnerability — logback | 7.1 | High | 2023-11-29 |
This page lists every published CVE security advisory associated with QOS.CH Sarl. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.