Malicious Package

Overview @tech-global/internal-gateway-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

Malicious Package

Overview enterprise-auth-gateway-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

MAL-2026-3254 Malicious code in @corp-infra/sso-gateway-core (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

MAL-2026-3258 Malicious code in @tech-global/internal-gateway-core (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

MAL-2026-3259 Malicious code in enterprise-auth-gateway-core (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

Malicious code in @tech-global/internal-gateway-core (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

EUVD-2025-208625

A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...

PT-2026-25149

A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...

io.fabric8.apps:apiman (>=2.2.9.1 <=2.2.19), io.fabric8.apps:distro (>=2.2.7 <=2.2.19) +6 more potentially affected by CVE-2022-36437 via io.apiman:apiman-gateway-platforms-vertx (=1.1.3.CR1)

io.apiman:apiman-gateway-platforms-vertx MAVEN version =1.1.3.CR1 is affected by a known vulnerability. The following packages have a transitive dependency on io.apiman:apiman-gateway-platforms-vertx and may be impacted: - io.fabric8.apps:apiman =2.2.9.1, =2.2.7, =2.2.9.1, =2.2.7, =2.2.7, =2.1.2,...

Path Traversal

gravitee-gateway-core is vulnerable to path traversal. The vulnerability exists due to the lack of dynamic routing checks in the selectUserDefinedEndpoint function of TargetEndpointResolver.java, allowing an attacker to read arbitrary files outside the expected directory via a...