Lucene search
+L

164 matches found

wolfi
wolfi
added 2026/07/08 8:38 p.m.9 views

CVE-2026-12243 vulnerabilities

Vulnerabilities for packages: py3-nltk...

7.5CVSS7AI score0.0051EPSS
Exploits1
wolfi
wolfi
added 2026/07/08 8:38 p.m.9 views

GHSA-P4GQ-832X-FM9V vulnerabilities

Vulnerabilities for packages: py3-nltk...

5.9AI score
Exploits0
cgr
cgr
added 2026/07/08 8:24 p.m.8 views

CVE-2026-54293 vulnerabilities

Vulnerabilities for packages: py3-nltk, apache-beam-python-3.11-sdk, apache-beam-python-3.13-sdk, apache-beam-python-3.12-sdk...

7.5CVSS6.1AI score0.00378EPSS
Exploits1
redhatcve
redhatcve
added 2026/07/06 8:46 a.m.6 views

CVE-2026-12252

A flaw was found in the nltk library. Several Stanford interface classes within nltk are susceptible to arbitrary code execution. This vulnerability allows a local attacker to execute malicious code by providing an untrusted Java Archive JAR file, as the system lacks integrity verification for...

7.8CVSS6.4AI score0.00158EPSS
Exploits1References4
osv
osv
added 2026/07/04 2:16 a.m.11 views

DEBIAN-CVE-2026-12252

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS7.7AI score0.00158EPSS
Exploits1References1
osv
osv
added 2026/07/04 2:16 a.m.3 views

UBUNTU-CVE-2026-12252

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS7.7AI score0.00158EPSS
Exploits1References3
euvd
euvd
added 2026/07/04 12:58 a.m.10 views

EUVD-2026-41656

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

10CVSS7.8AI score0.00809EPSS
Exploits4References1
attackerkb
attackerkb
added 2026/07/04 12:58 a.m.5 views

CVE-2026-12252

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS7.7AI score0.00158EPSS
Exploits1References2
cve
cve
added 2026/06/30 12:14 a.m.31 views

CVE-2026-12243

NLTK 3.9.4 is documented to be vulnerable to a path traversal attack due to an incomplete fix (GitHub Issue #3504). The root cause is that the _UNSAFE_NO_PROTOCOL_RE regex in nltk/data.py only checks for literal ../ sequences and does not account for percent-encoded traversal such as ..%2f. Even ...

7.5CVSS7.3AI score0.0051EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2026/06/30 12:14 a.m.37 views

CVE-2026-12243 Path Traversal via Percent-Encoding in nltk.data.find() and nltk.data.load()

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...

7.5CVSS0.0051EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/06/25 5:31 p.m.5 views

CVE-2026-54293

A flaw was found in NLTK Natural Language Toolkit. The nltk.data.load function is vulnerable to path traversal when processing specially crafted nltk: URLs. An attacker can exploit a decode-after-check flaw, where URL-encoded path separators and traversal segments bypass security checks. This...

7.5CVSS5.9AI score0.00378EPSS
Exploits1References5
nvd
nvd
added 2026/06/22 7:17 p.m.11 views

CVE-2026-54293

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

7.5CVSS0.00378EPSS
Exploits1References5
osv
osv
added 2026/06/22 7:17 p.m.3 views

UBUNTU-CVE-2026-54293

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

7.5CVSS6AI score0.00378EPSS
Exploits1References4
debiancve
debiancve
added 2026/06/22 5:25 p.m.8 views

CVE-2026-54293

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

7.5CVSS6AI score0.00378EPSS
Exploits1
euvd
euvd
added 2026/06/22 5:25 p.m.9 views

EUVD-2026-38333

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

7.5CVSS6AI score0.00378EPSS
Exploits1References2
cve
cve
added 2026/06/22 5:25 p.m.64 views

CVE-2026-54293

CVE-2026-54293 affects NLTK’s nltk.data.load() in Python. A TOCTOU-style flaw lets an attacker bypass the unsafe-path regex (UNSAFE_NO_PROTOCOL_RE) by using URL-encoded path separators (e.g., %2f, %2e%2e) and then decoding, enabling arbitrary local file reads prior to the fix. Affected until vers...

7.5CVSS6AI score0.00378EPSS
Exploits1References5Affected Software1
osv
osv
added 2026/06/22 5:25 p.m.4 views

CVE-2026-54293 NLTK: URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

7.5CVSS6.1AI score0.00378EPSS
Exploits1References7
osv
osv
added 2026/06/22 12:0 a.m.2 views

OPENSUSE-SU-2026:11098-1 python311-nltk-3.10.0rc1-1.1 on GA media

These are all security issues fixed in the python311-nltk-3.10.0rc1-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.9AI score0.00378EPSS
Exploits1References1
ibm
ibm
added 2026/06/17 1:55 p.m.6 views

Security Bulletin: Multiple Vulnerabilities in NLTK bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage include the Natural Language Toolkit NLTK library, which is susceptible to several critical security vulnerabilities. These flaws could allow a remote attacker to execute arbitrary code, perform arbitrary file reads via path...

10CVSS6.8AI score0.00924EPSS
Exploits9Affected Software2
osv
osv
added 2026/06/16 2:34 p.m.8 views

GHSA-P4GQ-832X-FM9V Natural Language Toolkit (NLTK): URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read

Summary nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments when using the nltk: URL scheme. The unsafe-path regex check is performed before url2pathname decodes the %xx sequences a classic decode-after-check / TOCTOU-style flaw, allowing ...

7.5CVSS6.2AI score0.00378EPSS
Exploits1References8
Rows per page
Query Builder