Malicious Package

Overview service-gateway is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

PT-2026-36999

Name of the Vulnerable Software and Affected Versions Eclipse Equinox OSGi versions 3.7.2 and earlier Description An issue allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send...

MAL-2026-3313 Malicious code in service-gateway (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0624202d6a746245b4be59c683dc5b0ca64a43bc9524db9388f9f0a7be45d57 The package service-gateway was found to contain malicious code. Source: ghsa-malware 0e3831827037ebf97303c3c075e47b0e1ece3d2c6b38ca75aa2b3d1f7d0a2f0...

Malicious code in service-gateway (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0624202d6a746245b4be59c683dc5b0ca64a43bc9524db9388f9f0a7be45d57 The package service-gateway was found to contain malicious code. Source: ghsa-malware 0e3831827037ebf97303c3c075e47b0e1ece3d2c6b38ca75aa2b3d1f7d0a2f0...

CVE-2026-1738

Open5GS SGWC (up to 2.7.6) is affected by a flaw in sgwc_tunnel_add in /src/sgwc/context.c. Manipulating the pdr argument can trigger a reachable assertion, and the issue can be exploited remotely. The exploit has been published, and a patch to correct the issue is indicated as already-fixed in t...

CVE-2026-1586

A flaw has been found in Open5GS up to 2.7.5. Impacted is the function ogsgtp2fteidtoip of the file /sgwc/s11-handler.c of the component SGWC. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been published and may be used. It is...

CVE-2026-1522 Open5GS SGWC s5c-handler.c sgwc_s5c_handle_modify_bearer_response denial of service

A weakness has been identified in Open5GS up to 2.7.6. This vulnerability affects the function sgwcs5chandlemodifybearerresponse of the file src/sgwc/s5c-handler.c of the component SGWC. Executing a manipulation can lead to denial of service. The attack can be launched remotely. The exploit has...

CVE-2025-59968

A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Series devices permitting network traffic that...

CVE-2025-59968 Junos Space Security Director: Insufficient authorization for sensitive resources in web interface

A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Series devices permitting network traffic that...

africa.absa:inception-oauth2-resource-server (>=1.0.0 <=1.2.0), ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0) +7358 more potentially affected by CVE-2024-38821 via org.springframework.security:spring-security-web (>=3.0.0.RELEASE <=5.7.12)

org.springframework.security:spring-security-web MAVEN version =3.0.0.RELEASE, =1.0.0, =4.4.0.0, =0.1.8, =0.1.6, =0.1.2, =0.5.0, =j8.2.4.0, =j8.2.4.0, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.3, =1.1.0.RELEASE, =0.3, =0.6 and more Source cves: CVE-2024-38821 Source advisory: OSV:GHSA-C4Q5-6C82-3QPW...

Oracle Business Intelligence Publisher 7.0 (OAS) (April 2024 CPU)

The versions of Oracle Business Intelligence Publisher OAS installed on the remote host are affected by a vulnerability as referenced in the April 2024 CPU advisory. - Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: XML Services. Supported versions that are affecte...

Oracle Business Intelligence Publisher (April 2024 CPU)

The versions of Oracle Business Intelligence Publisher installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. - Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: XML Services. Supported versions that are...

CVE-2024-21084

Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: Service Gateway. Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Whil...

PT-2024-4899 · Oracle · Oracle Bi Publisher

Name of the Vulnerable Software and Affected Versions: Oracle BI Publisher versions 7.0.0.0.0 and 12.2.1.4.0 Description: The issue is related to insufficient access control in the Service Gateway component of Oracle BI Publisher, allowing an unauthenticated attacker with network access via HTTP ...

Command Execution Vulnerability in EG3210 of Beijing StarNet Ruijie Network Technology Co. Ltd (CNVD-2024-11054)

The EG3210 is a multi-service security gateway. A command execution vulnerability exists in the EG3210, which can be exploited by an attacker to gain control of a server...

Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform Code Issue Vulnerability

Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform is a Multi-Service Secure Gateway Intelligent Management Platform from Beijing Baichuo, China. Byzro Networks Smart S45F Multi-Service Secure Gateway Intelligent Management Platform 20230928 and earlier versio...

Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform Code Issue Vulnerability

Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform is a Multi-Service Secure Gateway Intelligent Management Platform from Beijing Baichuo, China. Byzro Networks Smart S45F Multi-Service Secure Gateway Intelligent Management Platform 20230928 and prior versions...

Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform Code Issue Vulnerability

Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform is a Multi-Service Secure Gateway Intelligent Management Platform from Beijing Baichuo, China. Byzro Networks Smart S45F Multi-Service Secure Gateway Intelligent Management Platform 20230928 and earlier versio...

CVE-2023-4873 Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform importexport.php os command injection

A vulnerability, which was classified as critical, was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230906. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to os command injection. It is...

Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform Operating System Command Injection Vulnerability

Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform is a Multi-Service Secure Gateway Intelligent Management Platform from Beijing Baichuo, China. The Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform suffers from an...