
26 matches found

EUVD
added 3 days ago · 7 views

EUVD-2026-38333

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

7.5 CVSS · 6 AI score · 0.00438 EPSS
Exploits 0 · References 2
OPENSUSE Linux
added 3 days ago · 4 views

Security update for python-nltk (important)

openSUSE Security Update: Security update for python-nltk Announcement ID: openSUSE-SU-2026:0211-1 Rating: important References: 1268526 Cross-References: CVE-2026-54293 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This...

7.5 CVSS · 5.9 AI score · 0.00438 EPSS
Exploits 0 · References 1
Github Security Blog
added 2026/06/16 2:34 p.m. · 12 views

Natural Language Toolkit (NLTK): URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read

Summary nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments when using the nltk: URL scheme. The unsafe-path regex check is performed before url2pathname decodes the %xx sequences, a classic decode-after-check / TOCTOU-style flaw, allowing ...

7.5 CVSS · 5.5 AI score · 0.00438 EPSS
Exploits 0 · References 2 · Affected Software 1
Snyk
added 2026/06/16 2:34 p.m. · 7 views

Directory Traversal

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Directory Traversal via the nltk.data.load function. An attacker can access arbitrary files on the local filesystem by supplying specially...

8.7 CVSS · 6.5 AI score · 0.00438 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2026/02/06 12:0 a.m. · 7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: clickhouse (UTSA-2026-005267)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005267 advisory. An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server...

6.5 CVSS · 6.7 AI score · 0.00705 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2026/01/20 12:0 a.m. · 5 views

MiracleLinux 9 : nodejs-nodemon-2.0.20-3.el9, nodejs-16.19.1-1.el9 (AXSA:2023-6037:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6037:02 advisory. c-ares: buffer overflow in config_sortlist due to missing string length check CVE-2022-4904 http-cache-semantics: Regular Expression Denial of Servic...

8.6 CVSS · 8 AI score · 0.02023 EPSS
Exploits 3 · References 7
Snyk
added 2025/12/23 11:4 p.m. · 4 views

Deserialization of Untrusted Data

Overview langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the dumps and dumpd functions when user-controlled data containing the lc key is serialized and later deserialized. This key...

9.3 CVSS · 8.2 AI score · 0.1383 EPSS
Exploits 4 · References 2
BDU FSTEC
added 2025/06/25 12:0 a.m. · 5 views

The vulnerability of Microprogrammed Software in Modicon Controllers arises from improper external control of the name or file path during data loading, allowing attackers to compromise the confidentiality of protected information.

The vulnerability of Microprogrammed Software in Modicon Controllers arises from incorrect external control via name or file during data loading. Exploiting this vulnerability allows an attacker to compromise the confidentiality of protected information...

7.8 CVSS · 5.4 AI score · 0.00345 EPSS
Exploits 0 · References 3 · Affected Software 2
Positive Technologies
added 2024/05/16 12:0 a.m. · 5 views

PT-2024-19157 · Intel · Intel Dlb Driver

Name of the Vulnerable Software and Affected Versions: Intel(R) DLB driver software versions prior to 8.5.0 Description: The issue is related to improper input validation, which may allow an authenticated user to potentially cause a denial of service via local access. Recommendations: For versions...

6.5 CVSS · 6.8 AI score · 0.00192 EPSS
Exploits 0 · References 3
CNNVD
added 2024/05/02 12:0 a.m. · 4 views

pgAdmin Cross-Site Scripting Vulnerability

pgAdmin is an open source management and development platform for the open source database PostgreSQL. A cross-site scripting vulnerability exists in pgAdmin 8.5 and earlier versions, which stems from a cross-site scripting vulnerability in the /settings/store endpoint that responds to a json loa...

7.4 CVSS · 6.1 AI score · 0.00461 EPSS
Exploits 1 · References 4
Github Security Blog
added 2024/02/03 12:29 a.m. · 19 views

Nervos CKB Permit load cell data from memory

Impact The faulty nodes will reject transactions which calls load_cell_data syscall but the input cell is still in the mempool. They also ban other nodes and cause the network separation. Patches 0.35.2, 0.36.1, 0.37.1, 0.38.2...

7.1 AI score
Exploits 0 · References 7 · Affected Software 1
OSV
added 2023/11/23 4:15 p.m. · 0 views

UBUNTU-CVE-2022-44011

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19...

6.5 CVSS · 6 AI score · 0.00705 EPSS
Exploits 0 · References 4
SUSE CVE
added 2023/02/21 1:59 a.m. · 5 views

SUSE CVE-2023-23920

An untrusted search path vulnerability exists in Node.js. 19.6.1, 18.14.1, 16.19.1, and 14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges...

7.1 CVSS · 6.9 AI score · 0.00471 EPSS
Exploits 0 · References 15
SUSE CVE
added 2023/02/15 6:9 a.m. · 2 views

SUSE CVE-2007-6352

Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exif_data_load_data_thumbnail function in exif-data.c...

6.8 CVSS · 8.2 AI score · 0.02727 EPSS
Exploits 0 · References 5
OSV
added 2023/02/08 8:15 p.m. · 23 views

CVE-2023-0216

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7, d2i_PKCS7_bio or d2i_PKCS7_fp functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in...

7.5 CVSS · 7.6 AI score
Exploits 0 · References 4
Positive Technologies
added 2022/09/22 12:0 a.m. · 2 views

PT-2022-27074 · Unknown +2 · Clickhouse +1

Name of the Vulnerable Software and Affected Versions: ClickHouse versions prior to 22.9.1.2603 ClickHouse versions prior to 22.8.2.11 ClickHouse versions prior to 22.7.4.16 ClickHouse versions prior to 22.6.6.16 ClickHouse versions prior to 22.3.12.19 Description: An issue was discovered in...

6.5 CVSS · 6.5 AI score · 0.00705 EPSS
Exploits 0 · References 15
IBM Security Bulletins
added 2022/05/13 6:58 p.m. · 36 views

Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to sensitive information disclosure (CVE-2020-4957)

Summary IBM Security Identity Governance and Intelligence could disclose sensitive information in URL parameters due to a vulnerability in the Bulk Data Load module CVE-2020-4957. This vulnerability is resolved by a code fix in the affected part of the product. Vulnerability Details CVEID:...

5.3 CVSS · 1 AI score · 0.00834 EPSS
Exploits 0 · Affected Software 1
NVD
added 2020/06/11 3:15 p.m. · 20 views

CVE-2020-0181

In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID...

7.5 CVSS · 0.02856 EPSS
Exploits 0 · References 4
OSV
added 2020/06/09 12:0 a.m. · 1 views

UBUNTU-CVE-2020-0198

In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-14642894...

7.5 CVSS · 7.4 AI score · 0.04442 EPSS
Exploits 0 · References 3
CNVD
added 2018/11/20 12:0 a.m. · 3 views

IBM API Connect Denial of Service Vulnerability (CNVD-2018-26026)

IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing and securing APIs, microservices and more. A security vulnerability exists in IBM API Connect versions 2018.1 through 2018.3.7 that stems from th...

7.5 CVSS · 7.5 AI score · 0.02494 EPSS
Exploits 0 · References 1