Lucene search
+L

164 matches found

Wolfi
Wolfi
added 2026/07/08 8:38 p.m.9 views

CVE-2026-12243 vulnerabilities

Vulnerabilities for packages: py3-nltk...

7.5CVSS7AI score0.0051EPSS
Exploits1
Wolfi
Wolfi
added 2026/07/08 8:38 p.m.10 views

GHSA-P4GQ-832X-FM9V vulnerabilities

Vulnerabilities for packages: py3-nltk...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/07/08 8:24 p.m.8 views

CVE-2026-54293 vulnerabilities

Vulnerabilities for packages: apache-beam-python-3.13-sdk, apache-beam-python-3.11-sdk, apache-beam-python-3.12-sdk, py3-nltk...

7.5CVSS5.1AI score0.00378EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/07/06 8:46 a.m.7 views

CVE-2026-12252

A flaw was found in the nltk library. Several Stanford interface classes within nltk are susceptible to arbitrary code execution. This vulnerability allows a local attacker to execute malicious code by providing an untrusted Java Archive JAR file, as the system lacks integrity verification for...

7.8CVSS6.4AI score0.00158EPSS
Exploits1References4
OSV
OSV
added 2026/07/04 2:16 a.m.11 views

DEBIAN-CVE-2026-12252

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS7.7AI score0.00158EPSS
Exploits1References1
OSV
OSV
added 2026/07/04 2:16 a.m.3 views

UBUNTU-CVE-2026-12252

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS7.7AI score0.00158EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/04 12:58 a.m.10 views

EUVD-2026-41656

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

10CVSS7.8AI score0.00809EPSS
Exploits4References1
ATTACKERKB
ATTACKERKB
added 2026/07/04 12:58 a.m.5 views

CVE-2026-12252

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS7.7AI score0.00158EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/30 12:14 a.m.37 views

CVE-2026-12243 Path Traversal via Percent-Encoding in nltk.data.find() and nltk.data.load()

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...

7.5CVSS0.0051EPSS
Exploits1References1
CVE
CVE
added 2026/06/30 12:14 a.m.32 views

CVE-2026-12243

NLTK 3.9.4 is documented to be vulnerable to a path traversal attack due to an incomplete fix (GitHub Issue #3504). The root cause is that the _UNSAFE_NO_PROTOCOL_RE regex in nltk/data.py only checks for literal ../ sequences and does not account for percent-encoded traversal such as ..%2f. Even ...

7.5CVSS7.3AI score0.0051EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/25 5:31 p.m.5 views

CVE-2026-54293

A flaw was found in NLTK Natural Language Toolkit. The nltk.data.load function is vulnerable to path traversal when processing specially crafted nltk: URLs. An attacker can exploit a decode-after-check flaw, where URL-encoded path separators and traversal segments bypass security checks. This...

7.5CVSS5.9AI score0.00378EPSS
Exploits1References5
NVD
NVD
added 2026/06/22 7:17 p.m.13 views

CVE-2026-54293

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

7.5CVSS0.00378EPSS
Exploits1References5
OSV
OSV
added 2026/06/22 7:17 p.m.4 views

UBUNTU-CVE-2026-54293

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

7.5CVSS6AI score0.00378EPSS
Exploits1References4
OSV
OSV
added 2026/06/22 5:25 p.m.4 views

CVE-2026-54293 NLTK: URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

7.5CVSS6.1AI score0.00378EPSS
Exploits1References7
EUVD
EUVD
added 2026/06/22 5:25 p.m.10 views

EUVD-2026-38333

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

7.5CVSS6AI score0.00378EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/06/22 5:25 p.m.9 views

CVE-2026-54293

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

7.5CVSS6AI score0.00378EPSS
Exploits1
CVE
CVE
added 2026/06/22 5:25 p.m.66 views

CVE-2026-54293

CVE-2026-54293 affects NLTK’s nltk.data.load() in Python. A TOCTOU-style flaw lets an attacker bypass the unsafe-path regex (UNSAFE_NO_PROTOCOL_RE) by using URL-encoded path separators (e.g., %2f, %2e%2e) and then decoding, enabling arbitrary local file reads prior to the fix. Affected until vers...

7.5CVSS6AI score0.00378EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/06/22 12:0 a.m.2 views

OPENSUSE-SU-2026:11098-1 python311-nltk-3.10.0rc1-1.1 on GA media

These are all security issues fixed in the python311-nltk-3.10.0rc1-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.9AI score0.00378EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/17 1:55 p.m.6 views

Security Bulletin: Multiple Vulnerabilities in NLTK bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage include the Natural Language Toolkit NLTK library, which is susceptible to several critical security vulnerabilities. These flaws could allow a remote attacker to execute arbitrary code, perform arbitrary file reads via path...

10CVSS6.8AI score0.00924EPSS
Exploits9Affected Software2
Snyk
Snyk
added 2026/06/16 2:34 p.m.14 views

Directory Traversal

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Directory Traversal via the nltk.data.load function. An attacker can access arbitrary files on the local filesystem by supplying specially...

8.7CVSS6.5AI score0.00378EPSS
Exploits1References2
Rows per page
Query Builder