Every CVE whose affected-product data names Lichess Lila, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2025-52186 — CVSS 6.5 (medium): Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c (2025-06-02) contains a Server-Side Request Forgery (SSRF)…
CVE-2026-35208 — CVSS 5.4 (medium): lichess.org is the forever free, adless and open source chess server. Any approved streamer can inject arbitrary HTML into /streamer and…