Lucene search
+L

8 matches found

PyPA
PyPA
added 2026/07/04 2:16 a.m.5 views

PYSEC-0000-CVE-2026-12252

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS7.7AI score0.00158EPSS
Exploits1References1Affected Software1
vulnersOsv
vulnersOsv
added 2026/03/19 12:42 p.m.4 views

01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +924 more potentially affected by CVE-2026-33236 via nltk (>=2.0.4 <=3.9.2)

nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2026-33236 Source advisory: OSV:GHSA-469J-VMHF-R6V7...

8.1CVSS7.2AI score0.00498EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/09 9:31 p.m.7 views

01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +924 more potentially affected by CVE-2026-0846 via nltk (>=2.0.4 <=3.9.2)

nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2026-0846 Source advisory: OSV:GHSA-H8WQ-7XC4-P3QX...

8.6CVSS7.2AI score0.00428EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2026/03/05 9:16 p.m.4 views

CVE-2026-0848

NLTK versions =3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of...

10CVSS8AI score0.00809EPSS
Exploits3References5
CVE
CVE
added 2026/03/05 8:48 p.m.38 views

CVE-2026-0848

NLTK versions ≤3.9.2 are vulnerable due to the StanfordSegmenter loading external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR, enabling arbitrary Java bytecode execution at import time via unvalidated classpath input. Potential attack vectors incl...

10CVSS6.7AI score0.00809EPSS
Exploits3References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/05 7:30 p.m.7 views

CVE-2026-0847

A flaw was found in NLTK Natural Language Toolkit. This vulnerability allows a remote attacker to read arbitrary files on the server due to improper sanitization of file paths in several CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. By...

8.6CVSS7.6AI score0.00924EPSS
Exploits3References4
vulnersOsv
vulnersOsv
added 2026/02/18 6:30 p.m.6 views

01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +924 more potentially affected by CVE-2025-14009 via nltk (>=2.0.4 <=3.9.2)

nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2025-14009 Source advisory: OSV:GHSA-7P94-766C-HGJP...

10CVSS7.2AI score0.0079EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.7 views

PT-2026-23514

Name of the Vulnerable Software and Affected Versions NLTK versions 3.9.2 and earlier Description The software contains a flaw due to improper input validation in the StanfordSegmenter module, potentially leading to arbitrary code execution. The module dynamically loads external Java .jar files...

10CVSS7.6AI score0.00809EPSS
Exploits3References23
Rows per page
Query Builder