6 matches found
CVE-2025-57784
Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...
Hiawatha security vulnerabilities
Hiawatha is a security web server developed by Hugo Leisink for Unix systems. This product can prevent attacks such as XSS, SQL injection, and CSRF, and it also offers server monitoring capabilities. Version 11.7 of Hiawatha contains a security vulnerability caused by the use of strcmp, which may...
CVE-2025-5702
The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its...
CVE-2024-25714
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutls_memcmp, which has constant-time execution...
JWT C Library Security Vulnerability
JWT C Library is an open source JWT library for C by Ben Collins. A security vulnerability exists in JWT C Library version 1.15.3, which stems from the use of strcmp to authenticate, resulting in an authentication bypass vulnerability...
PHP-JWT Security Vulnerability
PHP-JWT is a simple library for encoding and decoding JSON Web Tokens (JWT) in PHP, compliant with RFC 7519. A security vulnerability exists in PHP-JWT version 1.0.0, which stems from the use of strcmp to authenticate, resulting in an authentication bypass vulnerability...