Lucene search
K

11273 matches found

CVE
CVE
added 2026/03/09 9:8 p.m.104 views

CVE-2026-1776

Camaleon CMS CVE-2026-1776 affects versions 2.4.5.0–2.9.0 prior to commit f54a77e, with a path traversal vulnerability in the CamaleonCmsAwsUploader AWS S3 backend. Authenticated users can trigger download_private_file to bypass path validation (valid_folder_path?) and read arbitrary files on the...

6.5CVSS5.8AI score0.00732EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/09 8:44 p.m.7 views

CVE-2026-0846

A flaw was found in the nltk component. This vulnerability, specifically within the filestring function of the nltk.util module, allows an attacker to perform arbitrary file reads. By providing specially crafted input paths, either absolute or using directory traversal, an attacker can bypass inp...

8.6CVSS5.8AI score0.00428EPSS
Exploits1References4
OSV
OSV
added 2026/03/09 8:16 p.m.6 views

PYSEC-2026-97

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

7.5CVSS5.9AI score0.00428EPSS
Exploits1References2
PyPA
PyPA
added 2026/03/09 8:16 p.m.9 views

PYSEC-2026-97

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

8.6CVSS7.4AI score0.00428EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/09 8:16 p.m.6 views

DEBIAN-CVE-2026-0846

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

7.5CVSS8.1AI score0.00428EPSS
Exploits1References1
OSV
OSV
added 2026/03/09 8:16 p.m.5 views

UBUNTU-CVE-2026-0846

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

8.6CVSS5.9AI score0.00428EPSS
Exploits1References7
CVE
CVE
added 2026/03/09 7:19 p.m.18 views

CVE-2026-0846

The CVE concerns nltk 3.9.2, specifically the filestring() function in nltk.util, which opens user-supplied file paths without proper sanitization. This allows arbitrary file read by passing absolute or traversal paths, enabling access to sensitive system files. Exploitation can occur locally or ...

8.6CVSS7.3AI score0.00428EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2026/03/09 7:19 p.m.26 views

CVE-2026-0846 Arbitrary File Read via Absolute Path Input in nltk.util.filestring()

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

8.6CVSS0.00428EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/09 7:19 p.m.5 views

CVE-2026-0846

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

8.6CVSS5.9AI score0.00428EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/09 7:19 p.m.2 views

Directory Traversal

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Directory Traversal via the filestring function. An attacker can access sensitive files by supplying specially crafted input paths, such as...

8.7CVSS6.3AI score0.00428EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/09 7:19 p.m.1 views

CVE-2026-0846 Arbitrary File Read via Absolute Path Input in nltk.util.filestring()

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

8.6CVSS5.9AI score0.00428EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/09 9:30 a.m.5 views

EUVD-2025-208357

A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint accepts a parameter specifying the log file to open e.g., /tmp/weblogsomenumber, but this parameter is not properly validated, allowing an attacker to modify it to...

6.5CVSS5.9AI score0.00498EPSS
Exploits0References2
OSV
OSV
added 2026/03/09 9:15 a.m.5 views

CVE-2025-41755

A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint accepts a parameter specifying the log file to open e.g., /tmp/weblogsomenumber, but this parameter is not properly validated, allowing an attacker to modify it to...

6.5CVSS6AI score0.00498EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/09 8:16 a.m.4 views

CVE-2025-41755 Arbitrary Read with ubr-logread

A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint accepts a parameter specifying the log file to open e.g., /tmp/weblogsomenumber, but this parameter is not properly validated, allowing an attacker to modify it to...

6.5CVSS5.9AI score0.00498EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/09 8:16 a.m.27 views

CVE-2025-41755 Arbitrary Read with ubr-logread

A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint accepts a parameter specifying the log file to open e.g., /tmp/weblogsomenumber, but this parameter is not properly validated, allowing an attacker to modify it to...

6.5CVSS0.00498EPSS
Exploits0References1
CVE
CVE
added 2026/03/09 8:16 a.m.13 views

CVE-2025-41755

CVE-2025-41755 describes a vulnerability where a low-privileged, remote attacker can read arbitrary files by abusing the ubr-logread method in wwwubr.cgi. The issue stems from insufficient validation of the log file parameter (e.g., /tmp/weblog{n}); the parameter can be manipulated to reference a...

6.5CVSS5.9AI score0.00498EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/03/09 8:15 a.m.6 views

CVE-2025-41754

CVE-2025-41754 describes a low-priv remote attack where an undocumented, unused API endpoint (wwwubr.cgi: ubr-editfile) allows reading arbitrary files on the system. The vulnerability arises from exposing an edit-file API without proper access controls, enabling read access via network. The CVSS ...

6.5CVSS5.9AI score0.00334EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/09 8:15 a.m.4 views

CVE-2025-41754 Arbitrary Read with ubr-editfile

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system...

6.5CVSS5.9AI score0.00334EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/09 8:15 a.m.31 views

CVE-2025-41754 Arbitrary Read with ubr-editfile

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system...

6.5CVSS0.00334EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.5 views

PT-2026-24115

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.31.5 Description Budibase is a low code platform used for creating internal tools, workflows, and admin panels. A path traversal flaw exists in the PWA Progressive Web App ZIP processing endpoint, specifically at...

9.6CVSS5.9AI score0.00267EPSS
Exploits1References10
Rows per page
Query Builder