Security update for python-nltk (important)

openSUSE Security Update: Security update for python-nltk Announcement ID: openSUSE-SU-2026:0098-1 Rating: important References: 1260066 1260067 1260068 Cross-References: CVE-2026-33230 CVE-2026-33231 CVE-2026-33236 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes three...

EUVD-2016-2091

Malware in sbrugna...

EUVD-2010-1031

Malware in sbrugna...

EUVD-2023-27846

Malicious code in bioql PyPI...

EUVD-2023-50847

Malicious code in bioql PyPI...

EUVD-2023-0514

Malicious code in bioql PyPI...

CVE-2025-52452

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Salesforce Tableau Server on Windows, Linux tabdoc api - duplicate-data-source modules allows Absolute Path Traversal. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3....

CVE-2025-51481

Local File Inclusion in dagster.grpc.impl.getnotebookdata in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebookpath field of ExternalNotebookData requests, bypassing the intended extension-based check...

Dagster Local File Inclusion vulnerability

Local File Inclusion in dagster.grpc.impl.getnotebookdata in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebookpath field of ExternalNotebookData requests, bypassing the intended extension-based check...

CVE-2025-51481

CVE-2025-51481 affects Dagster 1.10.14 and relates to a Local File Inclusion in dagster._grpc.impl.get_notebook_data, where a path traversal sequence in the notebook_path field of ExternalNotebookData requests can cause arbitrary file reads by bypassing the extension-based check. Public sources c...

CVE-2025-51481

Local File Inclusion in dagster.grpc.impl.getnotebookdata in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebookpath field of ExternalNotebookData requests, bypassing the intended extension-based check...

CVE-2025-1086

A vulnerability has been found in Safetytest Cloud-Master Server up to 1.1.1 and classified as critical. This vulnerability affects unknown code of the file /static/. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to th...

GHSA-762G-9P7F-MRWW Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery

Mattermost versions 9.10.x = 9.10.2, 9.11.x = 9.11.1, 9.5.x = 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks...

CVE-2024-6049 Unauthenticated Path Traversal

The web server of Lawo AG vsm LTC Time Sync vTimeSync is affected by a "..." triple dot path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only...

CVE-2023-22273 ZDI-CAN-21307: Adobe RoboHelp Server OnPublishFile Directory Traversal Remote Code Execution Vulnerability

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction...

CVE-2021-3688

A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolons. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest...

CVE-2021-22870 Path traversal in GitHub Enterprise Server hosted Pages leads to unauthorized file read access

A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. Th...

Add From Server <= 3.3.3 - Authenticated Path Traversal to Arbitrary File Access

An authenticated attacker with low permission can read arbitrary files on server using Path Traversal. The plugin author states that this is by design and that the plugin should not be used. Please refer to the references. http://example.com/wp-admin/upload.php?page=add-from-server&adirectory=/...

CVE-2018-3713

angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path...

Node.js third-party modules: [statics-server] Path Traversal due to lack of provided path sanitization

Hi Team, I would like to report Path Traversal in statics-server module. It allows to read content of any arbitrary file from the server. Module module name: statics-server version: 0.0.9 npm page: https://www.npmjs.com/package/statics-server Module Description npm install statics-server -g Go to...