195 matches found
Security Bulletin: IBM Rhapsody Systems Engineering is using qs-6.14.0 which is vulnerable to CVE-2025-15284
Summary A security vulnerability was identified in the QS package used in our product. We have resolved the issue by updating to a non-vulnerable patched version to ensure the continued security and reliability of our application. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper...
CVE-2026-32094
Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescapeescape does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like...
EUVD-2026-11333
Shescape escape leaves bracket glob expansion active on Bash, BusyBox, and Dash...
Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash
Summary Shescapeescape does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like secret12 to expand into multiple filesystem matches instead of a single...
CVE-2026-32094 Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash
Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescapeescape does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like...
CVE-2026-32094
Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescapeescape does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like...
CVE-2026-32094 Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash
Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescapeescape does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like...
CVE-2026-32094 Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash
Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescapeescape does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like...
CVE-2026-32094
CVE-2026-32094 affects the JavaScript library Shescape. Prior to 2.1.10, Shescape#escape() does not escape square-bracket glob syntax used by Bash, BusyBox sh, and Dash. If an application interpolates the returned value directly into a shell command, attacker-controlled input such as secret[12] c...
Shescape 信息泄露漏洞
Shescape is a simple shell escape program developed by Eric Cornelissen. Versions of Shescape prior to 2.1.10 contained an information leakage vulnerability. This vulnerability stemmed from unescaped bracket wildcard syntax, which could allow attacker-controlled parameters to expand into multiple...
PT-2026-24813
Summary Shescapeescape does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like secret12 to expand into multiple filesystem matches instead of a single...
CVE-2026-0847
A flaw was found in NLTK Natural Language Toolkit. This vulnerability allows a remote attacker to read arbitrary files on the server due to improper sanitization of file paths in several CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. By...
DEBIAN-CVE-2026-0847
A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...
CVE-2026-0847
A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...
CVE-2026-0847
A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...
UBUNTU-CVE-2026-0847
A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...
CVE-2026-0847
A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...
CVE-2026-0847 Path Traversal in nltk/nltk
A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...
CVE-2026-0847
A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...
CVE-2026-0847
NLTK up to 3.9.2 contains a path traversal vulnerability in CorpusReader classes (WordListCorpusReader, TaggedCorpusReader, BracketParseCorpusReader) that can lead to arbitrary file reads on the server. Root cause is improper sanitization/validation of file paths, enabling access to sensitive fil...