PRISMAproduce Tech Java CVE-2025-21587, CVE-2025-30749, CVE-2025-50059, CVE-2025-50106 and CVE-2024-21147 vulnerabilities

PRISMAproduce Tech Java CVE-2025-30749, CVE-2025-50059, CVE-2025-50106, CVE-2025-21587 and CVE-2024-21147 vulnerabilities.

“Shai-Hulud” worm

“Shai-Hulud” worm specifically engineered to exploit the Node Package Manager (npm) ecosystem.

Apache Log4net vulnerability CVE-2018-1285

Compromised Log4net.dll configuration file can lead to attacks in applications.

Artifex Ghostscript vulnerability CVE-2023-43115

Artifex Ghostscript versions prior to 10.02.0 can lead to remote code execution via crafted PostScript documents.

Libcurl/curl vulnerability CVE-2023-38545 and CVE-2023-38546

Curl heap based buffer overflow when asked to pass the host name to the SOCKS5 proxy to resolve address.

Artifex Ghostscript vulnerability CVE-2023-36664

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

X.400 confusion vulnerability CVE-2023-0286

Certain versions of OpenSSL contain a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.

X.509 Certificate vulnerability CVE-2022-3786 and CVE-2022-3602

Buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking.

Apache Commons vulnerability CVE-2022-42889 and CVE-2022-33980

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded.

OpenSSL Security vulnerability CVE-2022-2068 and CVE-2022-2274

File names of certificates being hashed were possibly passed to a command executed through the shell. Additionally, the RSA implementation causing memory corruption.