265 matches found
CVE-2026-12243
NLTK 3.9.4 is documented to be vulnerable to a path traversal attack due to an incomplete fix (GitHub Issue #3504). The root cause is that the _UNSAFE_NO_PROTOCOL_RE regex in nltk/data.py only checks for literal ../ sequences and does not account for percent-encoded traversal such as ..%2f. Even ...
CVE-2026-12243 Path Traversal via Percent-Encoding in nltk.data.find() and nltk.data.load()
NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...
CVE-2026-54293
A flaw was found in NLTK Natural Language Toolkit. The nltk.data.load function is vulnerable to path traversal when processing specially crafted nltk: URLs. An attacker can exploit a decode-after-check flaw, where URL-encoded path separators and traversal segments bypass security checks. This...
CVE-2026-54293
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...
UBUNTU-CVE-2026-54293
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...
EUVD-2026-38333
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...
CVE-2026-54293
CVE-2026-54293 affects NLTK’s nltk.data.load() in Python. A TOCTOU-style flaw lets an attacker bypass the unsafe-path regex (UNSAFE_NO_PROTOCOL_RE) by using URL-encoded path separators (e.g., %2f, %2e%2e) and then decoding, enabling arbitrary local file reads prior to the fix. Affected until vers...
CVE-2026-54293
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...
OPENSUSE-SU-2026:11098-1 python311-nltk-3.10.0rc1-1.1 on GA media
These are all security issues fixed in the python311-nltk-3.10.0rc1-1.1 package on the GA media of openSUSE Tumbleweed...
Security Bulletin: Multiple Vulnerabilities in NLTK bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage include the Natural Language Toolkit NLTK library, which is susceptible to several critical security vulnerabilities. These flaws could allow a remote attacker to execute arbitrary code, perform arbitrary file reads via path...
Directory Traversal
Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Directory Traversal via the nltk.data.load function. An attacker can access arbitrary files on the local filesystem by supplying specially...
Turn specs into evals for any agent with ASSERT
Today, we’re releasing Adaptive Spec-driven Scoring for Evaluation and Regression Testing ASSERT, an open-source framework for turning natural-language behavior specifications into executable evaluations. Every team building an AI system starts with a clear intention for the behaviors they want t...
USN-8302-1: NLTK vulnerabilities
It was discovered that NLTK incorrectly validated file paths when opening files using the nltk.util module. An attacker could possibly use this issue to obtain sensitive information. CVE-2026-0846 It was discovered that NLTK incorrectly validated file paths in multiple CorpusReader classes. An...
Intelligent Detection and Mitigation of Carpet-Bombing DDoS Attacks in SDN Using Retrieval-Augmented Generation and Large Language Models
Software-Defined Networking SDN provides flexible and programmable network management; however, its centralized control architecture remains highly vulnerable to Distributed Denial-of-Service DDoS attacks, particularly Carpet-Bombing DDoS attacks that distribute malicious traffic across multiple...
Parser-Free Querying of Security Logs
Security analysts routinely query system logs to detect threats and investigate incidents, but each log source uses its own semi-structured format: logs are cheap to produce, but expensive to use. The standard approach, building per-source parsers to normalize logs into structured schemas, is...
Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition
Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.10.0 Vulnerability Details CVEID:CVE-2026-33230 DESCRIPTION: NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development ...
Be Kind, Rewrite: Benign Projections Via Rewriting Defend against LLM Data Poisoning Attacks
Large language models LLMs are highly susceptible to backdoor attacks BAs, wherein training samples are poisoned using trigger-based harmful content. Furthermore, existing defenses have proven ineffective when extensively tested across BA patterns. To better combat BAs, we explore the use of LLM...
Integration of AI in Cybersecurity: Current Trends with a Focused Look at Intrusion Detection Applications
Artificial Intelligence AI is widely adopted today for its ability to detect patterns, automate tasks, and reduce time and cost across various applications. Its integration into Cybersecurity has garnered significant attention, particularly in areas such as intrusion detection, malware analysis,...
agentcore-poc
Blueprint POC - Workflow Generation & Deployment A Proof of C...
ECHO-A2CB-9FEB-100C From https://github.com/nltk/nltk/pull/3468 (merge commit 1056b32).
Bulletin has no description...