6 matches found
Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.
Summary Maximo AI Service uses nltk-3.9.1-py3-none-any.whl, mlflow-3.1.0-py3-none-any.whl, and spring-security-web-6.5.7.jar, which are vulnerable to CVE-2025-14009, CVE-2026-2635, CVE-2026-0848, and CVE-2026-22732. This bulletin contains information regarding how to address the vulnerabilities...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to code injection in NLTK [CVE-2025-14009]
Summary IBM Watson Speech Services Cartridge is vulnerable to code injection in NLTK, due to an issue in in the NLTK downloader component of nltk/nltk that causes the unzipiter function in nltk/downloader.py to fail to perform path validation or security checks CVE-2025-14009. NLTK is used in our...
CVE-2025-14009 vulnerabilities
Vulnerabilities for packages: open-webui, py3-nltk, kubeflow-pipelines-visualization-server...
python311-nltk-3.9.1-3.1 on GA media (moderate)
python311-nltk-3.9.1-3.1 on GA media Announcement ID: openSUSE-SU-2026:10226-1 Rating: moderate Cross-References: CVE-2025-14009 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
Security update for python-nltk (important)
openSUSE Security Update: Security update for python-nltk Announcement ID: openSUSE-SU-2026:0057-1 Rating: important References: 1258436 Cross-References: CVE-2025-14009 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description: This...
01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +924 more potentially affected by CVE-2025-14009 via nltk (>=2.0.4 <=3.9.2)
nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2025-14009 Source advisory: OSV:PYSEC-2026-96...