CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

Tenable Nessus•added 2026/02/19 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2025-14009

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses...

10CVSS9.2AI score0.00878EPSS

Exploits1References3

NVD•added 2026/02/18 6:24 p.m.•5 views

CVE-2025-14009

A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when...

10CVSS0.00878EPSS

Exploits1References1

OSV•added 2026/02/18 6:24 p.m.•3 views

DEBIAN-CVE-2025-14009

10CVSS9.3AI score0.00878EPSS

Exploits1References1

UbuntuCve•added 2026/02/18 6:24 p.m.•3 views

CVE-2025-14009

10CVSS7.5AI score0.00878EPSS

Exploits1References5

OSV•added 2026/02/18 6:24 p.m.•2 views

UBUNTU-CVE-2025-14009

10CVSS7.7AI score0.00878EPSS

Exploits1References6

Vulnrichment•added 2026/02/18 5:45 p.m.•4 views

CVE-2025-14009 Zip Slip Vulnerability in nltk/nltk Leading to Remote Code Execution

10CVSS6.6AI score0.00878EPSS

Exploits1References1

AlpineLinux•added 2026/02/18 5:45 p.m.•5 views

CVE-2025-14009

10CVSS6.5AI score0.00878EPSS

Exploits1

OSV•added 2026/01/21 10:58 p.m.•1 views

GHSA-R92C-9C7F-3PJ8 OpenTofu has High CPU usage in "tofu init" with maliciously-crafted module packages in .zip format

Impact Unauthenticated denial of service. Summary When installing module packages from attacker-controlled sources, tofu init may cause high CPU usage when encountering maliciously-crafted .zip archives for either provider or module distribution packages. Those who depend on modules or providers...

3.1CVSS6.6AI score

Exploits0References6

Positive Technologies•added 2025/01/01 12:0 a.m.•0 views

PT-2026-20477

Name of the Vulnerable Software and Affected Versions nltk/nltk affected versions not specified Description A critical issue exists in the NLTK downloader component. The unzip iter function within nltk/downloader.py utilizes zipfile.extractall without validating file paths or implementing securit...

10CVSS9.4AI score0.00878EPSS

Exploits1References26

NVD•added 2022/12/01 5:15 p.m.•10 views

CVE-2022-29837

A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution...

7.8CVSS0.00092EPSS

Exploits0References1

Prion•added 2022/12/01 5:15 p.m.•13 views

Path traversal

4.3CVSS7.7AI score0.00092EPSS

Exploits0References1Affected Software3

Cvelist•added 2022/12/01 12:0 a.m.•13 views

CVE-2022-29837 Path traversal Vulnerability in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi Devices

4.7CVSS7.9AI score0.00092EPSS

Exploits0References1

Vulnrichment•added 2022/12/01 12:0 a.m.•2 views

CVE-2022-29837 Path traversal Vulnerability in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi Devices

4.7CVSS7.4AI score0.00092EPSS

Exploits0References1

PyPA•added 2019/08/22 4:15 p.m.•4 views

PYSEC-2019-106

NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ dot dot slash in an NLTK package ZIP archive that is mishandled during extraction...

7.5CVSS7.1AI score0.03163EPSS

Exploits2References9Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by