EUVD-2026-15459

textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to childprocess.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...

textract is vulnerable to OS Command Injection

textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to childprocess.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...

PT-2024-15721 · Unknown · Deepfacelab

Name of the Vulnerable Software and Affected Versions: DeepFaceLab pretrained DF.wf.288res.384.92.72.22 Description: A problematic vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. The issue affects an unknown function of the file mainscripts/Util.py and leads to...

USN-65-1: Apache utility script vulnerability

Javier Fernández-Sanguino Peña noticed that the "checkforensic" script created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program...