Lucene search
+L

30 matches found

redhatcve
redhatcve
added 2026/06/30 2:22 p.m.9 views

CVE-2026-12243

A flaw was found in NLTK. An attacker can exploit a path traversal vulnerability by providing specially crafted input to nltk.data.load or nltk.data.find. This allows the attacker to read arbitrary files accessible to the Python process, leading to information disclosure. The vulnerability arises...

7.5CVSS7.2AI score0.0051EPSS
Exploits1References4
osv
osv
added 2026/06/30 12:14 a.m.3 views

CVE-2026-12243 Path Traversal via Percent-Encoding in nltk.data.find() and nltk.data.load()

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...

7.5CVSS7.2AI score0.0051EPSS
Exploits1References3
cve
cve
added 2026/06/30 12:14 a.m.31 views

CVE-2026-12243

NLTK 3.9.4 is documented to be vulnerable to a path traversal attack due to an incomplete fix (GitHub Issue #3504). The root cause is that the _UNSAFE_NO_PROTOCOL_RE regex in nltk/data.py only checks for literal ../ sequences and does not account for percent-encoded traversal such as ..%2f. Even ...

7.5CVSS7.3AI score0.0051EPSS
Exploits1References1Affected Software1
euvd
euvd
added 2026/06/22 5:25 p.m.9 views

EUVD-2026-38333

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

7.5CVSS6AI score0.00378EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2026/06/22 5:25 p.m.6 views

CVE-2026-54293 NLTK: URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

7.5CVSS6AI score0.00378EPSS
Exploits1References2
opensuse
opensuse
added 2026/06/22 12:0 a.m.4 views

Security update for python-nltk (important)

openSUSE Security Update: Security update for python-nltk Announcement ID: openSUSE-SU-2026:0211-1 Rating: important References: 1268526 Cross-References: CVE-2026-54293 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This...

7.5CVSS6.1AI score0.00378EPSS
Exploits1References1
snyk
snyk
added 2026/06/16 2:34 p.m.13 views

Directory Traversal

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Directory Traversal via the nltk.data.load function. An attacker can access arbitrary files on the local filesystem by supplying specially...

8.7CVSS6.5AI score0.00378EPSS
Exploits1References2
github
github
added 2026/06/16 2:34 p.m.23 views

Natural Language Toolkit (NLTK): URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read

Summary nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments when using the nltk: URL scheme. The unsafe-path regex check is performed before url2pathname decodes the %xx sequences a classic decode-after-check / TOCTOU-style flaw, allowing ...

7.5CVSS5.5AI score0.00378EPSS
Exploits1References2Affected Software1
nessus
nessus
added 2026/02/06 12:0 a.m.8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: clickhouse (UTSA-2026-005267)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005267 advisory. An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server...

6.5CVSS6.7AI score0.00705EPSS
Exploits0References4
nessus
nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 9 : nodejs-nodemon-2.0.20-3.el9, nodejs-16.19.1-1.el9 (AXSA:2023-6037:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6037:02 advisory. c-ares: buffer overflow in configsortlist due to missing string length check CVE-2022-4904 http-cache-semantics: Regular Expression Denial of Servic...

8.6CVSS8AI score0.02023EPSS
Exploits3References7
snyk
snyk
added 2025/12/23 11:4 p.m.5 views

Deserialization of Untrusted Data

Overview langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the dumps and dumpd functions when user-controlled data containing the lc key is serialized and later deserialized. This key...

9.3CVSS8.2AI score0.1383EPSS
Exploits5References2
bdu_fstec
bdu_fstec
added 2025/06/25 12:0 a.m.9 views

The vulnerability of Microprogrammed Software in Modicon Controllers arises from improper external control of the name or file path during data loading, allowing attackers to compromise the confidentiality of protected information.

The vulnerability of Microprogrammed Software in Modicon Controllers arises from incorrect external control via name or file during data loading. Exploiting this vulnerability allows an attacker to compromise the confidentiality of protected information...

7.8CVSS5.4AI score0.00357EPSS
Exploits0References3Affected Software2
ptsecurity
ptsecurity
added 2024/05/16 12:0 a.m.8 views

PT-2024-19157 · Intel · Intel Dlb Driver

Name of the Vulnerable Software and Affected Versions: IntelR DLB driver software versions prior to 8.5.0 Description: The issue is related to improper input validation, which may allow an authenticated user to potentially cause a denial of service via local access. Recommendations: For versions...

6.5CVSS6.8AI score0.00192EPSS
Exploits0References3
cnnvd
cnnvd
added 2024/05/02 12:0 a.m.6 views

pgAdmin 跨站脚本漏洞

pgAdmin is an open source management and development platform for the open source database PostgreSQL. A cross-site scripting vulnerability exists in pgAdmin 8.5 and earlier versions, which stems from a cross-site scripting vulnerability in the /settings/store endpoint that responds to a json loa...

7.4CVSS6.1AI score0.00461EPSS
Exploits1References4
github
github
added 2024/02/03 12:29 a.m.22 views

Nervos CKB Permit load cell data from memory

Impact The faulty nodes will reject transactions which calls loadcelldata syscall but the input cell is still in the mempool. They also ban other nodes and cause the network separation. Patches 0.35.2, 0.36.1, 0.37.1, 0.38.2...

7.1AI score
Exploits0References7Affected Software1
osv
osv
added 2023/11/23 4:15 p.m.3 views

UBUNTU-CVE-2022-44011

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19...

6.5CVSS6AI score0.00705EPSS
Exploits0References4
susecve
susecve
added 2023/02/21 1:59 a.m.5 views

SUSE CVE-2023-23920

An untrusted search path vulnerability exists in Node.js. 19.6.1, 18.14.1, 16.19.1, and 14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges...

7.1CVSS6.9AI score0.00471EPSS
Exploits0References15
susecve
susecve
added 2023/02/15 6:9 a.m.4 views

SUSE CVE-2007-6352

Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exifdataloaddatathumbnail function in exif-data.c...

6.8CVSS8.2AI score0.02727EPSS
Exploits0References5
osv
osv
added 2023/02/08 7:3 p.m.24 views

CVE-2023-0216 Invalid pointer dereference in d2i_PKCS7 functions

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2iPKCS7, d2iPKCS7bio or d2iPKCS7fp functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in...

7.5CVSS7.3AI score0.01846EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2022/09/22 12:0 a.m.3 views

PT-2022-27074 · Unknown +2 · Clickhouse +1

Name of the Vulnerable Software and Affected Versions: ClickHouse versions prior to 22.9.1.2603 ClickHouse versions prior to 22.8.2.11 ClickHouse versions prior to 22.7.4.16 ClickHouse versions prior to 22.6.6.16 ClickHouse versions prior to 22.3.12.19 Description: An issue was discovered in...

6.5CVSS6.5AI score0.00705EPSS
Exploits0References15
Rows per page
Query Builder