CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

273 matches found

Ubuntu•added 2026/05/25 3:53 p.m.•10 views

USN-8302-1: NLTK vulnerabilities

It was discovered that NLTK incorrectly validated file paths when opening files using the nltk.util module. An attacker could possibly use this issue to obtain sensitive information. CVE-2026-0846 It was discovered that NLTK incorrectly validated file paths in multiple CorpusReader classes. An...

10CVSS7AI score0.00307EPSS

Exploits10

IBM Security Bulletins•added 2026/04/14 3:18 p.m.•6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to arbitrary code execution in NLTK [CVE-2026-0848]

Summary IBM Watson Speech Services Cartridge is vulnerable arbitrary code execution in NLTK, due to improper input validation in the StanfordSegmenter module CVE-2026-0848. NLTK is used in our speech service runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation...

10CVSS8AI score0.00307EPSS

Exploits3Affected Software1

Malwarebytes•added 2026/03/31 7:40 p.m.•2 views

Asking AI for personal advice is a bad idea, Stanford study shows

Stanford computer scientists just proved what therapists already suspected: AI chatbots will agree with almost anything you say to keep you happy. The researchers caught these systems validating dangerous decisions just to maintain user engagement. That's a worrying development, especially given...

5.9AI score

Exploits0

GithubExploit•added 2026/03/31 2:34 p.m.•118 views

Exploit for CVE-2026-0848

CVE-2026-0848 - NLTK StanfordSegmenter RCE PoC ⚠️ ADVERTEN...

10CVSS7.2AI score0.00307EPSS

Exploits3

Packet Storm•added 2026/03/31 12:0 a.m.•105 views

📄 NLTK StanfordSegmenter 3.9.2 Arbitrary Code Execution

nltk.tokenize.StanfordSegmenter dynamically loads external Java .jar files via subprocess without performing any integrity verification, signature checking, or sandboxing. The class accepts fully attacker-controlled parameters including pathtojar, pathtomodel, pathtodict, and javaclass, and passe...

10CVSS6.6AI score0.00307EPSS

Exploits3

RedhatCVE•added 2026/03/24 4:24 p.m.•2 views

CVE-2026-0848

A code injection flaw was found in nltk. The StanfordSegmenter module in NLTK Natural Language Toolkit is vulnerable to arbitrary code execution due to improper input validation. An attacker can exploit this by supplying or replacing Java Archive JAR files, which are dynamically loaded without...

10CVSS7.9AI score0.00307EPSS

Exploits3References5

Vulnrichment•added 2026/03/17 5:0 a.m.•2 views

CVE-2026-4258

All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The...

8.7CVSS5.8AI score0.00025EPSS

Exploits1References4

SUSE CVE•added 2026/03/07 12:27 a.m.•3 views

SUSE CVE-2026-0848

NLTK versions =3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of...

10CVSS6.7AI score0.00307EPSS

Exploits3References3

Tenable Nessus•added 2026/03/07 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-0848

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NLTK versions =3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads...

10CVSS8AI score0.00307EPSS

Exploits3References3

EUVD•added 2026/03/05 9:30 p.m.•5 views

EUVD-2026-9875

10CVSS6.7AI score0.00307EPSS

Exploits3References2

PyPA•added 2026/03/05 9:16 p.m.•9 views

PYSEC-2026-99

10CVSS8.1AI score0.00307EPSS

Exploits3References1Affected Software1

OSV•added 2026/03/05 9:16 p.m.•5 views

PYSEC-2026-99

10CVSS6.6AI score0.00307EPSS

Exploits3References1

NVD•added 2026/03/05 9:16 p.m.•5 views

CVE-2026-0848

10CVSS0.00307EPSS

Exploits3References1

OSV•added 2026/03/05 9:16 p.m.•4 views

UBUNTU-CVE-2026-0848

10CVSS6.7AI score0.00307EPSS

Exploits3References6

ATTACKERKB•added 2026/03/05 8:48 p.m.•3 views

CVE-2026-0848

10CVSS6.7AI score0.00307EPSS

Exploits3References2

Snyk•added 2026/03/05 8:48 p.m.•3 views

Unsafe Dependency Resolution

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to lack of verification or sandboxing in the StanfordSegmenter module, when unvalidated Java Archive JAR files...

10CVSS7.4AI score0.00307EPSS

Exploits3References2

Vulnrichment•added 2026/03/05 8:48 p.m.•2 views

CVE-2026-0848 Arbitrary Code Execution in NLTK StanfordSegmenter via Untrusted JAR Loading

10CVSS8AI score0.00307EPSS

Exploits3References1

Cvelist•added 2026/03/05 8:48 p.m.•28 views

CVE-2026-0848 Arbitrary Code Execution in NLTK StanfordSegmenter via Untrusted JAR Loading

10CVSS0.00307EPSS

Exploits3References1

CVE•added 2026/03/05 8:48 p.m.•16 views

CVE-2026-0848

NLTK versions ≤3.9.2 are vulnerable due to the StanfordSegmenter loading external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR, enabling arbitrary Java bytecode execution at import time via unvalidated classpath input. Potential attack vectors incl...

10CVSS6.7AI score0.00307EPSS

Exploits3References1Affected Software1

Debian CVE•added 2026/03/05 8:48 p.m.•4 views

CVE-2026-0848

10CVSS9.7AI score0.00307EPSS

Exploits3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by