139 matches found

NVD
added 2026/05/08 4:16 p.m. | 6 views

CVE-2026-41690

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Versions prior to 3.9.3 allow an unauthenticated HTTP client to pollute Object.prototype in the Node.js process hosting the middleware, via two unvalidated entry points that...

CVSS 8.6 | EPSS 0.00099
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/08 3:27 p.m. | 3 views

CVE-2026-41683 HTTP response splitting and DoS in i18next-http-middleware via unsanitised Content-Language header

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware wrote user-controlled language values into the Content-Language response header after passing them through utils.escape, which ...

CVSS 8.6 | AI score 5.7 | EPSS 0.00018
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/08 3:27 p.m. | 5 views

CVE-2026-41683

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware wrote user-controlled language values into the Content-Language response header after passing them through utils.escape, which ...

CVSS 8.6 | AI score 5.7 | EPSS 0.00018
Exploits: 0 | References: 2 | Affected Software: 1

RedHat Linux
added 2026/05/07 4:23 p.m. | 9 views

Important: Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.9.3 release

Red Hat OpenShift distributed tracing platform Tempo 3.9.3 has been released. This release of the Red Hat OpenShift distributed tracing platform Tempo provides security improvements and bug fixes. Breaking changes: None. Deprecations: None. Technology Preview features: None. Enhancements: None. Bu...

CVSS 8.2 | AI score 5.8 | EPSS 0.00073
Exploits: 0 | References: 8

AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in python3.7

There is a flaw in Python 3’s pydoc documentation. A local or nearby attacker who discovers or can convince another local or nearby user to start a pydoc server could access the server and use it to disclose sensitive information belonging to that user that they would not normally be able to...

CVSS 5.7 | AI score 6.8 | EPSS 0.00081
Exploits: 0 | References: 2

Github Security Blog
added 2026/04/29 10:26 p.m. | 12 views

i18next-http-middleware has path traversal / SSRF via user-controlled language and namespace parameters

Summary Versions of i18next-http-middleware prior to 3.9.3 pass the user-controlled lng and ns values from getResourcesHandler directly into i18next.services.backendConnector.loadlanguages, namespaces, … without any sanitisation. Depending on which backend is configured, the unvalidated path...

CVSS 8.2 | AI score 5.4 | EPSS 0.0002
Exploits: 0 | References: 4 | Affected Software: 1

Positive Technologies
added 2026/04/22 12:0 a.m. | 4 views

PT-2026-37150

Name of the Vulnerable Software and Affected Versions i18next-http-middleware versions prior to 3.9.3 Description An unauthenticated HTTP client can pollute Object.prototype in the Node.js process hosting the middleware. This occurs via two unvalidated entry points: getResourcesHandler and...

CVSS 8.6 | AI score 6.4 | EPSS 0.00099
Exploits: 0 | References: 5

SUSE CVE
added 2026/03/24 12:24 a.m. | 4 views

SUSE CVE-2026-33230

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp contains a reflected cross-site scripting issue in the lookup... route. A crafted...

CVSS 6.1 | AI score 6.1 | EPSS 0.00019
Exploits: 1 | References: 3

NVD
added 2026/03/20 11:16 p.m. | 5 views

CVE-2026-33236

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the subdir and id attributes when processing remote XML index...

CVSS 8.1 | EPSS 0.00022
Exploits: 1 | References: 2

NVD
added 2026/03/20 11:16 p.m. | 4 views

CVE-2026-33230

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp contains a reflected cross-site scripting issue in the lookup... route. A crafted...

CVSS 6.1 | EPSS 0.00019
Exploits: 1 | References: 3

OSV
added 2026/03/20 11:16 p.m. | 7 views

DEBIAN-CVE-2026-33231

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp allows unauthenticated remote shutdown of the local WordNet Browser HTTP server whe...

CVSS 7.5 | AI score 5.4 | EPSS 0.0002
Exploits: 1 | References: 1

OSV
added 2026/03/20 10:47 p.m. | 0 views

CVE-2026-33236 NLTK has a Downloader Path Traversal Vulnerability (AFO) - Arbitrary File Overwrite

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the subdir and id attributes when processing remote XML index...

CVSS 8.1 | AI score 6 | EPSS 0.00022
Exploits: 1 | References: 4

Debian CVE
added 2026/03/20 10:47 p.m. | 5 views

CVE-2026-33236

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the subdir and id attributes when processing remote XML index...

CVSS 8.1 | AI score 8.7 | EPSS 0.00022
Exploits: 1

EUVD
added 2026/03/20 10:45 p.m. | 4 views

EUVD-2026-13885

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp allows unauthenticated remote shutdown of the local WordNet Browser HTTP server whe...

CVSS 7.5 | AI score 5.8 | EPSS 0.0002
Exploits: 1 | References: 2

CNNVD
added 2026/03/20 12:0 a.m. | 2 views

NLTK cross-site scripting vulnerability

NLTK is an open-source natural language toolkit developed by NLTK. It is used to support research and development in natural language processing. Versions of NLTK 3.9.3 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from the lookup... route in nltk.app.wordnetapp...

CVSS 6.1 | AI score 7.3 | EPSS 0.00019
Exploits: 1 | References: 5

Snyk
added 2026/03/05 8:48 p.m. | 3 views

Unsafe Dependency Resolution

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to lack of verification or sandboxing in the StanfordSegmenter module, when unvalidated Java Archive JAR files...

CVSS 10 | AI score 7.4 | EPSS 0.00307
Exploits: 3 | References: 2

Snyk
added 2026/03/03 6:39 p.m. | 1 view

Out-of-bounds Read

Overview Biosig is a BioSig - tools for biomedical signal processing Affected versions of this package are vulnerable to Out-of-bounds Read in the ABF parsing. An attacker can access sensitive information by providing a specially crafted .abf file. Remediation Upgrade Biosig to version 3.9.3 or...

CVSS 7.1 | AI score 5.8 | EPSS 0.00036
Exploits: 1 | References: 3

Snyk
added 2026/03/03 6:39 p.m. | 0 views

Heap-based Buffer Overflow

Overview Biosig is a BioSig - tools for biomedical signal processing Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the Intan CLP parsing functionality. An attacker can execute arbitrary code by supplying a specially crafted Intan CLP file. Remediation Upgrade...

CVSS 9.8 | AI score 6.1 | EPSS 0.00189
Exploits: 1 | References: 3

Snyk
added 2026/03/03 6:39 p.m. | 1 view

Heap-based Buffer Overflow

Overview Biosig is a BioSig - tools for biomedical signal processing Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the Nicolet WFT parsing functionality. An attacker can execute arbitrary code by supplying a specially crafted .wft file. PoC A heap-based buffer...

CVSS 9.2 | AI score 6.4 | EPSS 0.00189
Exploits: 1 | References: 3

NVD
added 2026/02/14 4:15 a.m. | 2 views

CVE-2025-14067

The Easy Form Builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve...

CVSS 5.3 | EPSS 0.00044
Exploits: 0 | References: 4