15 matches found
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a missing authentication and cross-site Scripting in NLTK [CVE-2026-33230, CVE-2026-33231]
Summary IBM Watson Speech Services Cartridge is vulnerable to a missing authentication in NLTK Natural Language Toolkit, due to an issue in nltk.app.wordnetapp that contains a reflected cross-site scripting issue in the lookup... route CVE-2026-33230, CVE-2026-33231. NLTK is used in our speech...
Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition
Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.10.0 Vulnerability Details CVEID:CVE-2026-33230 DESCRIPTION: NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development ...
CVE-2026-33230
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp contains a reflected cross-site scripting issue in the lookup... route. A crafted...
DEBIAN-CVE-2026-33231
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp allows unauthenticated remote shutdown of the local WordNet Browser HTTP server whe...
DEBIAN-CVE-2026-33230
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp contains a reflected cross-site scripting issue in the lookup... route. A crafted...
CVE-2026-33231 NLTK has unauthenticated remote shutdown in nltk.app.wordnet_app
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp allows unauthenticated remote shutdown of the local WordNet Browser HTTP server whe...
CVE-2026-33230 nltk Vulnerable to Cross-site Scripting
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp contains a reflected cross-site scripting issue in the lookup... route. A crafted...
CVE-2026-33230 nltk Vulnerable to Cross-site Scripting
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp contains a reflected cross-site scripting issue in the lookup... route. A crafted...
CVE-2026-33230
NLTK WordNet Browser (nltk.app.wordnet_app) in versions <= 3.9.3 contains a reflected XSS in the lookup_ route, where attacker-controlled word data is echoed into HTML without escaping, enabling arbitrary HTML/JS execution in the local browser context. Public advisories and vendor notices conf...
CVE-2026-33230
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp contains a reflected cross-site scripting issue in the lookup... route. A crafted...
CVE-2026-33230 nltk Vulnerable to Cross-site Scripting
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp contains a reflected cross-site scripting issue in the lookup... route. A crafted...
NLTK 跨站脚本漏洞
NLTK is an open-source natural language toolkit developed by NLTK. It is used to support research and development in natural language processing. Versions of NLTK 3.9.3 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from the lookup... route in nltk.app.wordnetapp...
Unauthenticated remote shutdown in nltk.app.wordnet_app
Summary nltk.app.wordnetapp allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode. A simple GET /SHUTDOWN%20THE%20SERVER request causes the process to terminate immediately via os.exit0, resulting in a denial of service. Details The...
GHSA-JM6W-M3J8-898G Unauthenticated remote shutdown in nltk.app.wordnet_app
Summary nltk.app.wordnetapp allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode. A simple GET /SHUTDOWN%20THE%20SERVER request causes the process to terminate immediately via os.exit0, resulting in a denial of service. Details The...
GHSA-GFWX-W7GR-FVH7 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in nltk
Summary nltk.app.wordnetapp contains a reflected cross-site scripting issue in the lookup... route. A crafted lookup URL can inject arbitrary HTML/JavaScript into the response page because attacker-controlled word data is reflected into HTML without escaping. This impacts users running the local...