5283 matches found

Cvelist
added 2026/01/26 5:47 p.m., 29 views

CVE-2025-57784 Tomahawk authentication timing attack due to usage of 'strcmp'

Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...

EPSS: 0.00015
Exploits: 0, References: 1
Vulnrichment
added 2026/01/26 5:46 p.m., 2 views

CVE-2025-57785 Double free in XSLT in 'show_index'

A Double Free in XSLT showindex has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution...

AI score: 6, EPSS: 0.00154
Exploits: 0, References: 1
Cvelist
added 2026/01/26 5:46 p.m., 22 views

CVE-2025-57785 Double free in XSLT in 'show_index'

A Double Free in XSLT showindex has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution...

EPSS: 0.00154
Exploits: 0, References: 1
EUVD
added 2026/01/26 5:46 p.m., 4 views

EUVD-2025-206341

A Double Free in XSLT showindex has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution...

CVSS: 6.5, AI score: 6, EPSS: 0.00154
Exploits: 0, References: 1
CVE
added 2026/01/26 5:46 p.m., 12 views

CVE-2025-57785

CVE-2025-57785 — Double Free in XSLT show_index (Hiawatha Webserver) Affected software: Hiawatha webserver versions 10.8.2 through 11.7 (as cited by Red Hat and CVE trackers). Technical detail: The vulnerability is a double free in the XSLT function show_index, a memory management error that may ...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00154
Exploits: 0, References: 1, Affected Software: 1
ATTACKERKB
added 2026/01/26 5:46 p.m., 3 views

CVE-2025-57785

A Double Free in XSLT showindex has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution...

CVSS: 6.5, AI score: 6, EPSS: 0.00154
Exploits: 0, References: 2, Affected Software: 1
EUVD
added 2026/01/26 5:45 p.m., 3 views

EUVD-2025-206340

Improper header parsing may lead to request smuggling has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to access restricted resources managed by Hiawatha webserver...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00013
Exploits: 0, References: 1
Vulnrichment
added 2026/01/26 5:45 p.m., 2 views

CVE-2025-57783 Improper header parsing may lead to request smuggling

Improper header parsing may lead to request smuggling has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to access restricted resources managed by Hiawatha webserver...

AI score: 5.8, EPSS: 0.00013
Exploits: 0, References: 1
Cvelist
added 2026/01/26 5:45 p.m., 29 views

CVE-2025-57783 Improper header parsing may lead to request smuggling

Improper header parsing may lead to request smuggling has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to access restricted resources managed by Hiawatha webserver...

EPSS: 0.00013
Exploits: 0, References: 1
Positive Technologies
added 2026/01/26 12:00 a.m., 3 views

PT-2026-4797

Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...

AI score: 5.8, EPSS: 0.00015
Exploits: 0, References: 2
Positive Technologies
added 2026/01/26 12:00 a.m., 2 views

PT-2026-4798

Name of the Vulnerable Software and Affected Versions Hiawatha version 11.7 Description A double free issue exists in the XSLT show index function of the Hiawatha webserver. This allows an unauthenticated attacker to corrupt data, potentially leading to arbitrary code execution. The issue involve...

CVSS: 6.5, AI score: 6.2, EPSS: 0.00154
Exploits: 0, References: 4
Positive Technologies
added 2026/01/26 12:00 a.m., 4 views

PT-2026-4785

Improper header parsing may lead to request smuggling has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to access restricted resources managed by Hiawatha webserver...

AI score: 5.8, EPSS: 0.00013
Exploits: 0, References: 2
Tenable Nessus
added 2026/01/22 12:00 a.m., 5 views

Oracle Access Manager (January 2026 CPU)

The 12.2.1.4.0 and 14.1.2.1.0 versions of Access Manager installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Webserver Plugin Intel C++...

CVSS: 7.8, AI score: 6.8, EPSS: 0.00099
Exploits: 0, References: 5
VulnCheck KEV
added 2026/01/22 12:00 a.m., 3 views

VulnCheck KEV: CVE-2022-31208

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmdstring URL parameter...

CVSS: 9, AI score: 6, EPSS: 0.00606
In wild, Exploits: 1, References: 8
Tenable Nessus
added 2026/01/14 12:00 a.m., 2 views

MiracleLinux 4 : subversion-1.6.11-2.AXS4.4 (AXSA:2011-732:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-732:02 advisory. Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files a...

CVSS: 5, AI score: 7.7, EPSS: 0.22709
Exploits: 2, References: 4
RedhatCVE
added 2026/01/09 12:46 p.m., 2 views

CVE-2005-1661

Jeuce Personal Webserver 2.13 allows remote attackers to cause a denial of service (server crash) via a long GET request, possibly triggering a buffer overflow...

CVSS: 5, AI score: 7.3, EPSS: 0.0088
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 11:39 a.m., 6 views

CVE-2003-1568

GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function...

CVSS: 5, AI score: 7, EPSS: 0.00436
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 11:37 a.m., 7 views

CVE-2003-1569

GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385...

CVSS: 5, AI score: 7, EPSS: 0.07289
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 11:23 a.m., 12 views

CVE-2021-31630

Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application...

CVSS: 9, AI score: 8.3, EPSS: 0.85907
Exploits: 10, References: 1
RedhatCVE
added 2026/01/09 10:57 a.m., 2 views

CVE-2022-38170

In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the --daemon flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via th...

CVSS: 4.7, AI score: 6.6, EPSS: 0.00274
Exploits: 0, References: 1