USN-8302-1: NLTK vulnerabilities

It was discovered that NLTK incorrectly validated file paths when opening files using the nltk.util module. An attacker could possibly use this issue to obtain sensitive information. CVE-2026-0846 It was discovered that NLTK incorrectly validated file paths in multiple CorpusReader classes. An...

SUSE CVE-2026-33236

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the subdir and id attributes when processing remote XML index...

Linux Distros Unpatched Vulnerability : CVE-2026-33236

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language...

CVE-2026-33236

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the subdir and id attributes when processing remote XML index...

UBUNTU-CVE-2026-33236

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the subdir and id attributes when processing remote XML index...

CVE-2026-33236 NLTK has a Downloader Path Traversal Vulnerability (AFO) - Arbitrary File Overwrite

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the subdir and id attributes when processing remote XML index...

CVE-2026-33236

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the subdir and id attributes when processing remote XML index...

CVE-2026-33236

The connected GHSA entry documents a path traversal vulnerability in the NLTK downloader (nltk.downloader). The root cause is lack of validation for subdir and id when processing remote XML indexes, allowing a remote XML index server to supply values with traversal sequences. This can enable arbi...

Directory Traversal

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Directory Traversal via the XML index file downloader. An attacker can overwrite arbitrary files and create directories at unintended locations...

GHSA-469J-VMHF-R6V7 NLTK has a Downloader Path Traversal Vulnerability (AFO) - Arbitrary File Overwrite

Vulnerability Description The NLTK downloader does not validate the subdir and id attributes when processing remote XML index files. Attackers can control a remote XML index server to provide malicious values containing path traversal sequences such as ../, which can lead to: 1. Arbitrary Directo...

NLTK has a Downloader Path Traversal Vulnerability (AFO) - Arbitrary File Overwrite

Vulnerability Description The NLTK downloader does not validate the subdir and id attributes when processing remote XML index files. Attackers can control a remote XML index server to provide malicious values containing path traversal sequences such as ../, which can lead to: 1. Arbitrary Directo...

PT-2026-26300

Name of the Vulnerable Software and Affected Versions NLTK versions 3.9.3 and prior Description NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. The NLTK downloader does not validat...

project alumni <= 1.0.9 - Remote XSS / SQL Injection Vulnerability

No description provided by source. project-alumni sql injection & xss author : tomplixsee [email protected] ------------------------------------------------------------------------------------------------------------- affected software version : project alumni v1.0.9, v1.0.8, or lower??...

project alumni 1.0.9 - Cross-Site Scripting SQL Injection

project alumni 1.0.9 - Cross-Site Scripting SQL Injection project-alumni sql injection & xss author : tomplixsee [email protected] ------------------------------------------------------------------------------------------------------------- affected software version : project alumni v1.0.9,...