
265 matches found

CVE
added yesterday, 14 views

CVE-2026-12243

NLTK 3.9.4 is documented to be vulnerable to a path traversal attack due to an incomplete fix (GitHub Issue #3504). The root cause is that the _UNSAFE_NO_PROTOCOL_RE regex in nltk/data.py only checks for literal ../ sequences and does not account for percent-encoded traversal such as ..%2f. Even ...

CVSS 7.5, AI score 7.3, EPSS 0.00494
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added yesterday, 20 views

CVE-2026-12243 Path Traversal via Percent-Encoding in nltk.data.find() and nltk.data.load()

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The _UNSAFE_NO_PROTOCOL_RE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...

CVSS 7.5, EPSS 0.00494
Exploits: 1, References: 1

RedhatCVE
added 6 days ago, 5 views

CVE-2026-54293

A flaw was found in NLTK (Natural Language Toolkit). The nltk.data.load function is vulnerable to path traversal when processing specially crafted nltk: URLs. An attacker can exploit a decode-after-check flaw, where URL-encoded path separators and traversal segments bypass security checks. This...

CVSS 7.5, AI score 5.9, EPSS 0.00378
Exploits: 1, References: 5

NVD
added 2026/06/22 7:17 p.m., 9 views

CVE-2026-54293

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

CVSS 7.5, EPSS 0.00378
Exploits: 1, References: 5

OSV
added 2026/06/22 7:17 p.m., 2 views

UBUNTU-CVE-2026-54293

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

CVSS 7.5, AI score 6, EPSS 0.00378
Exploits: 1, References: 4

EUVD
added 2026/06/22 5:25 p.m., 7 views

EUVD-2026-38333

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

CVSS 7.5, AI score 6, EPSS 0.00378
Exploits: 1, References: 2

CVE
added 2026/06/22 5:25 p.m., 39 views

CVE-2026-54293

CVE-2026-54293 affects NLTK’s nltk.data.load() in Python. A TOCTOU-style flaw lets an attacker bypass the unsafe-path regex (UNSAFE_NO_PROTOCOL_RE) by using URL-encoded path separators (e.g., %2f, %2e%2e) and then decoding, enabling arbitrary local file reads prior to the fix. Affected until vers...

CVSS 7.5, AI score 6, EPSS 0.00378
Exploits: 1, References: 5, Affected Software: 1

Debian CVE
added 2026/06/22 5:25 p.m., 7 views

CVE-2026-54293

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

CVSS 7.5, AI score 6, EPSS 0.00378
Exploits: 1

OSV
added 2026/06/22 12:00 a.m., 2 views

OPENSUSE-SU-2026:11098-1 python311-nltk-3.10.0rc1-1.1 on GA media

These are all security issues fixed in the python311-nltk-3.10.0rc1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5, AI score 5.9, EPSS 0.00378
Exploits: 1, References: 1

IBM Security Bulletins
added 2026/06/17 1:55 p.m., 4 views

Security Bulletin: Multiple Vulnerabilities in NLTK bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage

Summary: IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage include the Natural Language Toolkit (NLTK) library, which is susceptible to several critical security vulnerabilities. These flaws could allow a remote attacker to execute arbitrary code, perform arbitrary file reads via path...

CVSS 10, AI score 6.8, EPSS 0.00924
Exploits: 9, Affected Software: 2

Snyk
added 2026/06/16 2:34 p.m., 10 views

Directory Traversal

Overview: nltk, the Natural Language Toolkit (NLTK), is a Python package for natural language processing. Affected versions of this package are vulnerable to Directory Traversal via the nltk.data.load function. An attacker can access arbitrary files on the local filesystem by supplying specially...

CVSS 8.7, AI score 6.5, EPSS 0.00378
Exploits: 1, References: 2

Microsoft Secure
added 2026/06/10 4:00 p.m., 16 views

Turn specs into evals for any agent with ASSERT

Today, we’re releasing Adaptive Spec-driven Scoring for Evaluation and Regression Testing (ASSERT), an open-source framework for turning natural-language behavior specifications into executable evaluations. Every team building an AI system starts with a clear intention for the behaviors they want t...

AI score 5.5
Exploits: 0

Ubuntu
added 2026/05/25 3:53 p.m., 15 views

USN-8302-1: NLTK vulnerabilities

It was discovered that NLTK incorrectly validated file paths when opening files using the nltk.util module. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-0846) It was discovered that NLTK incorrectly validated file paths in multiple CorpusReader classes. An...

CVSS 10, AI score 7, EPSS 0.00924
Exploits: 10

Packet Storm News
added 2026/05/25 12:00 a.m., 10 views

Intelligent Detection and Mitigation of Carpet-Bombing DDoS Attacks in SDN Using Retrieval-Augmented Generation and Large Language Models

Software-Defined Networking (SDN) provides flexible and programmable network management; however, its centralized control architecture remains highly vulnerable to Distributed Denial-of-Service (DDoS) attacks, particularly Carpet-Bombing DDoS attacks that distribute malicious traffic across multiple...

AI score 5.8
Exploits: 0

Packet Storm News
added 2026/05/21 12:00 a.m., 8 views

Parser-Free Querying of Security Logs

Security analysts routinely query system logs to detect threats and investigate incidents, but each log source uses its own semi-structured format: logs are cheap to produce, but expensive to use. The standard approach, building per-source parsers to normalize logs into structured schemas, is...

AI score 5.9
Exploits: 0

IBM Security Bulletins
added 2026/05/19 5:41 a.m., 16 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary: Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.10.0. Vulnerability Details: CVEID: CVE-2026-33230 DESCRIPTION: NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development ...

CVSS 9.8, AI score 7.2, EPSS 0.00855
Exploits: 4, Affected Software: 1

Packet Storm News
added 2026/05/18 12:00 a.m., 8 views

Be Kind, Rewrite: Benign Projections Via Rewriting Defend against LLM Data Poisoning Attacks

Large language models (LLMs) are highly susceptible to backdoor attacks (BAs), wherein training samples are poisoned using trigger-based harmful content. Furthermore, existing defenses have proven ineffective when extensively tested across BA patterns. To better combat BAs, we explore the use of LLM...

AI score 5.8
Exploits: 0

Packet Storm News
added 2026/05/16 12:00 a.m., 9 views

Integration of AI in Cybersecurity: Current Trends with a Focused Look at Intrusion Detection Applications

Artificial Intelligence (AI) is widely adopted today for its ability to detect patterns, automate tasks, and reduce time and cost across various applications. Its integration into Cybersecurity has garnered significant attention, particularly in areas such as intrusion detection, malware analysis,...

AI score 5.8
Exploits: 0

GithubExploit
added 2026/05/13 12:16 p.m., 100 views

agentcore-poc

Blueprint POC - Workflow Generation & Deployment A Proof of C...

AI score 5.9
Exploits: 0

OSV
added 2026/05/07 6:23 p.m., 5 views

ECHO-A2CB-9FEB-100C From https://github.com/nltk/nltk/pull/3468 (merge commit 1056b32).

Bulletin has no description...

AI score 5.7
Exploits: 0, References: 1