11 matches found
CVE-2025-15237 Quanta Computer|QOCA aim AI Medical Cloud Platform - Path Traversal
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...
CVE-2025-15237
creationtimestamp | type | source
---|---|---
2026-01-05 06:58:00+00:00 | seen | https://www.twcert.org.tw/en/cp-139-10616-cd942-2.html
2026-01-05 08:56:19+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mbo2xroxkw2u...
CVE-2020-15237
In Shrine before version 3.3.0, when using the derivation_endpoint plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. The problem has been fixed by comparing sent and calculated signature in constant time, using Rack::Utils.secure_compare...
Linux Distros Unpatched Vulnerability : CVE-2019-15237
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks. CVE-2019-15237 Note that Nessus relies on the presence of t...
Mageia: Security Advisory (MGASA-2019-0420)
The remote host is missing an update for the...
CVE-2020-15237
creationtimestamp | type | source
---|---|---
2020-10-05 22:27:25+00:00 | seen | https://t.me/cibsecurity/15062...
CVE-2020-15237
CVE-2020-15237 affects Shrine prior to 3.3.0 when using the derivation_endpoint plugin. The issue is a timing attack that could allow an attacker to guess the signature of the derivation URL. The advisory notes that the vulnerability is fixed by comparing the sent and calculated signatures in con...
CVE-2020-15237 Timing attack in Shrine
In Shrine before version 3.3.0, when using the derivation_endpoint plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. The problem has been fixed by comparing sent and calculated signature in constant time, using Rack::Utils.secure_compare...
Updated roundcubemail packages fix security vulnerability
The updated package fixes a security vulnerability: Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks. CVE-2019-15237...
CVE-2019-15237
Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks...
CVE-2019-15237
CVE-2019-15237 affects Roundcube Webmail up to version 1.3.9, where Punycode xn-- domain names are mishandled, enabling homograph-like domain name confusion. Public sources in the connected documents corroborate a fix beyond 1.3.9: Fedora advisory FEDORA-2019-d9c2f1ec70 and Gentoo GLSA-202507-10 ...