Lucene search
K

5 matches found

Chainguard
Chainguard
added 2026/02/24 7:30 p.m.8 views

CVE-2025-14009 vulnerabilities

Vulnerabilities for packages: apache-beam-python-3.11-sdk, py3-nltk, open-webui, kubeflow-pipelines-visualization-server, nemo, label-studio...

10CVSS7.2AI score0.0079EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/02/18 11:28 p.m.5 views

CVE-2025-14009

A code execution vector has been discovered in the python NTLK library. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when downloaded and extracted by NLTK, ca...

10CVSS7.6AI score0.0079EPSS
Exploits1References5
Circl
Circl
added 2026/02/18 6:32 p.m.5 views

CVE-2025-14009

creationtimestamp| type| source ---|---|--- 2026-02-18 18:32:10+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mf5pnybld22m 2026-02-18 19:00:18+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mf5rababgq2h...

10CVSS5.1AI score0.0079EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/02/18 6:30 p.m.5 views

01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +924 more potentially affected by CVE-2025-14009 via nltk (>=2.0.4 <=3.9.2)

nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2025-14009 Source advisory: OSV:GHSA-7P94-766C-HGJP...

10CVSS7.2AI score0.0079EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/02/18 5:45 p.m.6 views

CVE-2025-14009 Zip Slip Vulnerability in nltk/nltk Leading to Remote Code Execution

A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when...

10CVSS6.6AI score0.0079EPSS
Exploits1References1
Rows per page
Query Builder