Recently
| ....... NLTK (Python library) | ........ <= 3.9.2 Vulnerability :...... Path Traversal (CWE-22) Severity: ....... 7.5 (High) date: .......... March 4, 2026 Prediction: Fixed in NLTK 3.9.3 What Undercode Say: Analytics The vulnerability stems from a logical error where path validation is performed before URL decoding. [bash] Vulnerable code in nltk/data.py The regex check operates on the raw, encoded string. if UNSAFE_NO_PROTOCOL_RE.search(resource_name): raise ValueError("...") Later, url2pathname() decodes the string. p = os.path.join(path, url2pathname(resource_name)) [/bash] This flaw allows attackers to bypass the security regex. The following Python script demonstrates the | 75high | View or Download | UNDERCODE | 2026-06-16 | |
|---|---|---|---|---|---|---|
| Hono | <4.12.4 | Cookie Injection | medium | View or Download | UNDERCODE | 2026-03-06 |
| D-Link DIR-513 | v1.10 | Stack buffer overflow | critical | View or Download | UNDERCODE | 2026-03-06 |
| D-Link DIR-513 | 1.10 | Path Traversal | critical | View or Download | UNDERCODE | 2026-03-06 |
| D-Link DIR-513 | critical98 | View or Download | UNDERCODE | 2026-03-06 | ||
| FreePBX GUI | 86high | View or Download | UNDERCODE | 2026-05-03 | ||
| D-Link DIR-513 | critical | View or Download | UNDERCODE | 2026-03-06 | ||
| D-Link DIR-513 | 1.10 only | Stack Buffer Overflow | critical98 | View or Download | UNDERCODE | 2026-03-06 |
| CoreDNS | 77high | View or Download | UNDERCODE | 2026-03-06 | ||
| Traefik | moderatecvss44 | View or Download | UNDERCODE | 2026-03-05 | ||
| Traefik | 2.11.9-2.11.37, 3.1.3-3.6.8 | Case-sensitivity bypass | highcvss31avnaclprnuinsucnihan | View or Download | UNDERCODE | 2026-03-05 |
| Traefik | high | View or Download | UNDERCODE | 2026-03-05 | ||
| Gogs | <0.14.2 | Option injection | medium | View or Download | UNDERCODE | 2026-03-05 |
| Gogs | < 0.14.2 | Stored XSS | medium | View or Download | UNDERCODE | 2026-03-05 |
| Gogs | high | View or Download | UNDERCODE | 2026-03-05 | ||
| OpenClaw (npm) | critical | View or Download | UNDERCODE | 2026-03-03 | ||
| Geth | <1.16.9 | ECIES Key Extraction | high | View or Download | UNDERCODE | 2026-02-19 |
| go-ethereum | Prior to 1.14.13 | Denial of Service | moderate | View or Download | UNDERCODE | 2026-02-19 |
| LangChain Redis Checkpointer | < 1.0.2 | Query Injection Bypass | critical | View or Download | UNDERCODE | 2026-02-19 |
| filippo.io/edwards25519 | Prior to v1.2.0 | MultiScalarMult initialization failure | low | View or Download | UNDERCODE | 2026-02-19 |
| TensorFlow/Keras | 2.20.0/3.11.3 | Information Disclosure | medium | View or Download | UNDERCODE | 2025-10-19 |
| LibreNMS | before 24.4.0 | time-based blind SQLi | high71-88 | View or Download | UNDERCODE | 2024-04-22 |
| Windows | <5.27.14 | Command Injection | high81 | View or Download | UNDERCODE | 2025-12-16 |
| PHP Application | Not specified | SQL Injection IPv6 | critical | View or Download | UNDERCODE | 2025-02-18 |
| OpenClaw | <=2026.2.14 | Token Leak | moderate | View or Download | UNDERCODE | 2026-02-18 |
🦑 WANT MORE ?
Loading…