146 matches found
CVE-2026-54293
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...
UBUNTU-CVE-2026-54293
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...
CVE-2026-54293
CVE-2026-54293 affects NLTK’s nltk.data.load() in Python. A TOCTOU-style flaw lets an attacker bypass the unsafe-path regex (UNSAFE_NO_PROTOCOL_RE) by using URL-encoded path separators (e.g., %2f, %2e%2e) and then decoding, enabling arbitrary local file reads prior to the fix. Affected until vers...
EUVD-2026-38333
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...
CVE-2026-54293
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...
Directory Traversal
Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Directory Traversal via the nltk.data.load function. An attacker can access arbitrary files on the local filesystem by supplying specially...
USN-8302-1: NLTK vulnerabilities
It was discovered that NLTK incorrectly validated file paths when opening files using the nltk.util module. An attacker could possibly use this issue to obtain sensitive information. CVE-2026-0846 It was discovered that NLTK incorrectly validated file paths in multiple CorpusReader classes. An...
Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition
Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.10.0 Vulnerability Details CVEID:CVE-2026-33230 DESCRIPTION: NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development ...
ECHO-A2CB-9FEB-100C From https://github.com/nltk/nltk/pull/3468 (merge commit 1056b32).
Bulletin has no description...
USN-8214-1: NLTK vulnerability
It was discovered that NLTK incorrectly handled file extraction when opening a maliciously crafted zip file. An attacker could possibly use this issue to create or overwrite files on the system and execute arbitrary code...
USN-8214-1 nltk vulnerability
It was discovered that NLTK incorrectly handled file extraction when opening a maliciously crafted zip file. An attacker could possibly use this issue to create or overwrite files on the system and execute arbitrary code...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to arbitrary code execution in NLTK [CVE-2026-0848]
Summary IBM Watson Speech Services Cartridge is vulnerable arbitrary code execution in NLTK, due to improper input validation in the StanfordSegmenter module CVE-2026-0848. NLTK is used in our speech service runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Path Traversal in NLTK [CVE-2026-0847]
Summary IBM Watson Speech Services Cartridge is vulnerable to Path Traversal in NLTK, due to an issue which allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. CVE-2026-0847 NLTK is used ...
Updated python-nltk packages fix security vulnerability
nltk Vulnerable to Cross-site Scripting. CVE-2026-33230...
Exploit for CVE-2026-0848
CVE-2026-0848 - NLTK StanfordSegmenter RCE PoC ⚠️ ADVERTEN...
📄 NLTK 3.9.2 Arbitrary File Read / Path Traversal
NLTK versions 3.9.2 and below suffer from an arbitrary file read issue due to a path traversal vulnerability. CVE-2026-0847 — NLTK Multiple CorpusReader Classes: Arbitrary File Read via Path Traversal --- Overview | Field | Details | |---|---| | CVE ID | CVE-2026-0847 | | Package | nltk Natural...
CVE-2026-33231 vulnerabilities
Vulnerabilities for packages: open-webui, kubeflow-pipelines-visualization-server, py3-nltk...
SUSE CVE-2026-33230
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp contains a reflected cross-site scripting issue in the lookup... route. A crafted...
SUSE CVE-2026-33231
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp allows unauthenticated remote shutdown of the local WordNet Browser HTTP server whe...
SUSE CVE-2026-33236
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the subdir and id attributes when processing remote XML index...