hsleisink

2 exploits, active since Jan 2026
CVE-2025-57784 WRITEUP LOW
Hiawatha 11.7 - Timing Attack via Tomahawk Auth strcmp
A Tomahawk auth timing attack due to the use of `strcmp` has been identified in Hiawatha webserver version 11.7, which allows a local attacker to access the management client.
CVSS 3.3
CVE-2025-57785 WRITEUP MEDIUM
Hiawatha Webserver 11.7 - Unauthenticated Double Free in XSLT show_index
A double free in XSLT `show_index` has been identified in Hiawatha webserver version 11.7, which allows an unauthenticated attacker to corrupt data, which may lead to arbitrary code execution.
CVSS 6.5