Lucene search
K

404 matches found

Wolfi
Wolfi
added yesterday3 views

GHSA-P4GQ-832X-FM9V vulnerabilities

Vulnerabilities for packages: py3-nltk...

5.9AI score
Exploits0
Wolfi
Wolfi
added yesterday3 views

CVE-2026-12243 vulnerabilities

Vulnerabilities for packages: py3-nltk...

7.5CVSS7AI score0.0051EPSS
Exploits1
Chainguard
Chainguard
added yesterday2 views

CVE-2026-54293 vulnerabilities

Vulnerabilities for packages: apache-beam-python-3.12-sdk, py3-nltk...

7.5CVSS5.9AI score0.00378EPSS
Exploits1
RedhatCVE
RedhatCVE
added 3 days ago4 views

CVE-2026-12252

A flaw was found in the nltk library. Several Stanford interface classes within nltk are susceptible to arbitrary code execution. This vulnerability allows a local attacker to execute malicious code by providing an untrusted Java Archive JAR file, as the system lacks integrity verification for...

7.8CVSS6.4AI score0.0015EPSS
Exploits1References4
OSV
OSV
added 5 days ago9 views

DEBIAN-CVE-2026-12252

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS7.7AI score0.0015EPSS
Exploits1References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-41656

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

10CVSS7.8AI score0.00809EPSS
Exploits4References1
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-12252

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS7.7AI score0.0015EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/30 12:14 a.m.35 views

CVE-2026-12243 Path Traversal via Percent-Encoding in nltk.data.find() and nltk.data.load()

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...

7.5CVSS0.0051EPSS
Exploits1References1
CVE
CVE
added 2026/06/30 12:14 a.m.27 views

CVE-2026-12243

NLTK 3.9.4 is documented to be vulnerable to a path traversal attack due to an incomplete fix (GitHub Issue #3504). The root cause is that the _UNSAFE_NO_PROTOCOL_RE regex in nltk/data.py only checks for literal ../ sequences and does not account for percent-encoded traversal such as ..%2f. Even ...

7.5CVSS7.3AI score0.0051EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/25 5:31 p.m.5 views

CVE-2026-54293

A flaw was found in NLTK Natural Language Toolkit. The nltk.data.load function is vulnerable to path traversal when processing specially crafted nltk: URLs. An attacker can exploit a decode-after-check flaw, where URL-encoded path separators and traversal segments bypass security checks. This...

7.5CVSS5.9AI score0.00378EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/23 6:31 p.m.7 views

EUVD-2025-210316

An issue in the sqlonaturaljoincond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

5.9AI score0.0035EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 5:16 p.m.4 views

DEBIAN-CVE-2025-61021

An issue in the sqlonaturaljoincond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 5:16 p.m.8 views

CVE-2025-61021

An issue in the sqlonaturaljoincond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

7.5CVSS0.0035EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 5:16 p.m.4 views

UBUNTU-CVE-2025-61021

An issue in the sqlonaturaljoincond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 12:0 a.m.6 views

CVE-2025-61021

The CVE-2025-61021 entry concerns openlink virtuoso-opensource v7.2.11, specifically the sqlo_natural_join_cond component. The issue enables Denial of Service via crafted SQL statements. Public details across connected documents confirm the affected product/version and the root cause (sqlo_natura...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 12:0 a.m.31 views

CVE-2025-61021

An issue in the sqlonaturaljoincond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

0.0035EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 7:17 p.m.9 views

CVE-2026-54293

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

7.5CVSS0.00378EPSS
Exploits1References5
OSV
OSV
added 2026/06/22 7:17 p.m.3 views

UBUNTU-CVE-2026-54293

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

7.5CVSS6AI score0.00378EPSS
Exploits1References4
EUVD
EUVD
added 2026/06/22 5:25 p.m.7 views

EUVD-2026-38333

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

7.5CVSS6AI score0.00378EPSS
Exploits1References2
CVE
CVE
added 2026/06/22 5:25 p.m.56 views

CVE-2026-54293

CVE-2026-54293 affects NLTK’s nltk.data.load() in Python. A TOCTOU-style flaw lets an attacker bypass the unsafe-path regex (UNSAFE_NO_PROTOCOL_RE) by using URL-encoded path separators (e.g., %2f, %2e%2e) and then decoding, enabling arbitrary local file reads prior to the fix. Affected until vers...

7.5CVSS6AI score0.00378EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder