41 matches found
h2o-notebook (>=0.3.0 <=0.4.1) potentially affected by CVE-2026-44182 via jupyter-enterprise-gateway (=3.2.2)
jupyter-enterprise-gateway PYPI version =3.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on jupyter-enterprise-gateway and may be impacted:
- h2o-notebook =0.3.0, =0.4.1

Source cves: CVE-2026-44182
Source advisory: OSV:GHSA-CFW7-6C5V-2WJQ...
GHSA-F49J-V924-FX9W Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection resulting in Remote Code Execution
Summary: The environment variables KERNEL_XXX used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection (SSTI). By including Jinja2 template expressions it is possible to execute Python code and OS commands in the Enterprise Gateway service. The code can...
h2o-notebook (>=0.3.0 <=0.4.1) potentially affected by CVE-2026-44181 via jupyter-enterprise-gateway (=3.2.2)
jupyter-enterprise-gateway PYPI version =3.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on jupyter-enterprise-gateway and may be impacted:
- h2o-notebook =0.3.0, =0.4.1

Source cves: CVE-2026-44181
Source advisory: OSV:GHSA-F49J-V924-FX9W...
h2o-notebook (>=0.3.0 <=0.4.1) potentially affected by CVE-2026-44180 via jupyter-enterprise-gateway (=3.2.2)
jupyter-enterprise-gateway PYPI version =3.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on jupyter-enterprise-gateway and may be impacted:
- h2o-notebook =0.3.0, =0.4.1

Source cves: CVE-2026-44180
Source advisory: OSV:GHSA-CHQ7-94J8-CJ28...
Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass
Summary: Jupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 (root). This can be bypassed. It is possible to launch kernels with a prohibited UID and/or GID by using a specially crafted KERNEL_UID or KERNEL_GID value. The feature...
CVE-2026-44181
creationtimestamp | type | source
---|---|---
2026-06-03 03:02:38+00:00 | published-proof-of-concept | https://github.com/jupyter-server/enterprisegateway/security/advisories/GHSA-f49j-v924-fx9w
2026-06-10 17:25:03+00:00 | seen | https://infosec.exchange/users/AAKL/statuses/116726974749666744...
CVE-2026-44182
creationtimestamp | type | source
---|---|---
2026-06-03 02:54:53+00:00 | published-proof-of-concept | https://github.com/jupyter-server/enterprisegateway/security/advisories/GHSA-cfw7-6c5v-2wjq
2026-06-10 17:25:03+00:00 | seen | https://infosec.exchange/users/AAKL/statuses/116726974749666744...
CVE-2026-44180
creationtimestamp | type | source
---|---|---
2026-06-03 02:54:32+00:00 | published-proof-of-concept | https://github.com/jupyter-server/enterprisegateway/security/advisories/GHSA-chq7-94j8-cj28
2026-06-10 17:25:03+00:00 | seen | https://infosec.exchange/users/AAKL/statuses/116726974749666744...
PT-2026-46124
Name of the Vulnerable Software and Affected Versions: Jupyter Enterprise Gateway (affected versions not specified)
Description: An input validation issue exists in the prohibited UID and GID feature, which is designed to prevent launching kernels with root privileges (UID or GID 0). An attacker can...
MAL-2026-3255 Malicious code in @enterprise-core/auth-gateway-bridge (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers (9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5) to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...
EUVD-2019-19062
Malware in sbrugna...
CVE-2023-22595
IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
Security Bulletin: IBM MaaS360 Cloud Extender Agent, Configuration Utility and Mobile Enterprise Gateway (MEG) affected by multiple vulnerabilities (CVE-2024-21907, CVE-2023-39017, CVE-2024-40642, CVE-2015-2325)
Summary: Vulnerabilities contained within newtonsoft.json 3rd party components were addressed in the IBM MaaS360 Cloud Extender Agent, Configuration Utility. Vulnerabilities contained within Netty 3rd party components were addressed in the IBM MaaS360 Mobile Enterprise Gateway (MEG) Module...
Security Bulletin: IBM MaaS360 Mobile Enterprise Gateway and VPN Module affected by multiple vulnerabilities
Summary: A vulnerability contained within OpenSSL was addressed in the IBM MaaS360 Cloud Extender VPN Module. Vulnerabilities contained within Spring Framework and Eclipse Jetty (a 3rd party component) were addressed in the IBM MaaS360 Mobile Enterprise Gateway (MEG).
Vulnerability Details...
PT-2023-19848 · IBM · IBM B2B Advanced Communications +1
Name of the Vulnerable Software and Affected Versions: IBM B2B Advanced Communications version 1.0.0.0, IBM Multi-Enterprise Integration Gateway version 1.0.0.1
Description: The issue allows a user to cause a denial of service due to the deserializing of untrusted serialized Java objects...
Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway, Configuration Utility, VPN, Certificate and Base Module affected by multiple vulnerabilities
Summary: Vulnerabilities contained within libcurl (a 3rd party component) and OpenSSL were addressed in the IBM MaaS360 Cloud Extender Agent, Configuration Utility, Certificate, VPN and Base Modules. Vulnerabilities contained within Netty (a 3rd party component) were addressed in the IBM MaaS360 Mobi...
Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN module have multiple vulnerabilities (CVE-2021-22060, CVE-2022-22950, CVE-2022-0547, CVE-2022-0778, CVE-2022-22965)
Summary: Vulnerabilities contained within 3rd party components were identified and remediated in the IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and MaaS360 VPN module.
Vulnerability Details
CVEID: CVE-2021-22060
DESCRIPTION: VMware Tanzu Spring Framework could allow a remote...
Security Bulletin: IBM MaaS360 Cloud Extender Configuration Utility and Mobile Enterprise Gateway have vulnerability (CVE-2021-43797)
Summary: A vulnerability contained within a 3rd party component was identified and remediated in the IBM MaaS360 Mobile Enterprise Gateway and MaaS360 Cloud Extender Configuration Utility module.
Vulnerability Details
CVEID: CVE-2021-43797
DESCRIPTION: Netty is vulnerable to HTTP request smuggling...
CVE-2022-27982
RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vulnerability via the fileName parameter at /guestauth/cfg/upLoadCfg.php...
CVE-2022-27983
RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain an arbitrary file read vulnerability via the url parameter in check.php...