VYPR

CWE-506

Embedded Malicious Code

Abstraction: Class · Status: Incomplete

Description

The product contains code that appears to be malicious in nature.

Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic bomb. A developer might insert malicious code with the intent to subvert the security of a product or its host system at some time in the future. The term Trojan horse generally refers to a program that performs a useful service but exploits the rights of the program's user in a way the user does not intend.
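A practitioner-side check for this weakness class, as an added example that is not part of the CWE entry or of any project listed on this page: a heuristic scan of an npm package tree for the markers typical of an install-time Trojan horse or a date-gated timebomb (lifecycle hooks in package.json, dynamic code evaluation, decoded opaque blobs, date comparisons against a literal). The package contents, file names, indicator list and scoring are constructed assumptions for the demo, not a description of any mapped CVE.

```python
"""Heuristic scan of an npm package tree for embedded-malicious-code markers.

Added example for the CWE-506 description above; it is not code from CWE or
from any project on this page. Both sample packages below are constructed.
"""
import json
import re
from typing import Dict, List

# Lifecycle hooks npm runs automatically on install; a Trojan horse package
# commonly uses one of them to fire a payload before any code is imported.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Static indicators (assumed list). One hit alone is weak evidence, since
# plenty of honest code shells out or decodes base64; several together in a
# tiny utility package are what should trigger a manual review.
INDICATORS = [
    ("dynamic-eval", re.compile(r"\beval\s*\(|new\s+Function\s*\(")),
    ("child-process", re.compile(r"require\s*\(\s*['\"]child_process['\"]\s*\)")),
    ("base64-decode", re.compile(r"Buffer\.from\s*\([^)]*['\"]base64['\"]\s*\)|\batob\s*\(")),
    ("long-base64-literal", re.compile(r"['\"][A-Za-z0-9+/]{40,}={0,2}['\"]")),
    ("hex-escaped-string", re.compile(r"(?:\\x[0-9a-fA-F]{2}){6,}")),
    # A date comparison against a literal is the classic timebomb shape.
    ("time-trigger", re.compile(r"Date\.now\(\)\s*[<>]=?|new\s+Date\s*\(\s*['\"][^'\"]+['\"]\s*\)")),
    ("network-module", re.compile(r"require\s*\(\s*['\"](?:https?|net|dns|dgram)['\"]\s*\)|\bfetch\s*\(")),
]

# Constructed samples: a benign release and a trojanized follow-up, given as
# {path: file contents}. Nothing here is executed; the text is only scanned.
CLEAN_PACKAGE = {
    "package.json": json.dumps({"name": "example-colors", "version": "2.0.0", "main": "index.js"}),
    "index.js": "module.exports = { red: [255, 0, 0], blue: [0, 0, 255] };\n",
}
TROJANIZED_PACKAGE = {
    "package.json": json.dumps({
        "name": "example-colors", "version": "2.0.1", "main": "index.js",
        "scripts": {"postinstall": "node setup.js"},
    }),
    "index.js": CLEAN_PACKAGE["index.js"],
    # Constructed payload shape: date-gated, decodes an opaque blob, evals it.
    # The base64 literal is filler for the demo and is never decoded here.
    "setup.js": (
        "const cp = require('child_process');\n"
        "if (Date.now() > new Date('2026-06-01').getTime()) {\n"
        "  const p = Buffer.from('Y29uc3RydWN0ZWQgb3BhcXVlIGJsb2IgZm9yIHRoaXMgZGVtbw==', 'base64').toString();\n"
        "  eval(p);\n"
        "}\n"
    ),
}


def scan_package(files: Dict[str, str]) -> Dict[str, List[str]]:
    """Return {path: [finding, ...]} for each file with at least one finding."""
    findings: Dict[str, List[str]] = {}
    manifest = json.loads(files.get("package.json", "{}"))
    scripts = manifest.get("scripts", {})
    hooks = [f"lifecycle-hook:{h}={scripts[h]}" for h in LIFECYCLE_HOOKS if h in scripts]
    if hooks:
        findings["package.json"] = hooks
    for path, source in files.items():
        if not path.endswith((".js", ".cjs", ".mjs")):
            continue
        hits = [name for name, pattern in INDICATORS if pattern.search(source)]
        if hits:
            findings[path] = hits
    return findings


def risk_score(findings: Dict[str, List[str]]) -> int:
    """Crude triage score: total number of findings across the package."""
    return sum(len(hits) for hits in findings.values())


if __name__ == "__main__":
    for label, pkg in (("clean", CLEAN_PACKAGE), ("trojanized", TROJANIZED_PACKAGE)):
        found = scan_package(pkg)
        print(f"{label}: score={risk_score(found)} findings={found}")
```

Run as a script it reports score 0 for the clean release and 6 for the trojanized one. Treat the output as a triage signal, not a verdict: the durable controls are installing from a lockfile with integrity hashes and, where the build allows it, `npm ci --ignore-scripts` so that a lifecycle hook cannot execute at all.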

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-442 · CAPEC-448 · CAPEC-636

CVEs mapped to this weakness (82)

page 1 of 5
  • CVE-2026-48027 · Critical · KEV · May 27, 2026
    risk 0.84 · cvss 9.8 · epss 0.02

    Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was…

  • CVE-2026-45321 · Critical · KEV · May 12, 2026
    risk 0.82 · cvss 9.6 · epss 0.02

    On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the…

  • CVE-2026-8398 · Critical · KEV · May 15, 2026
    risk 0.77 · cvss 9.8 · epss 0.01

    A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained…

  • CVE-2026-28353 · Critical · Mar 5, 2026
    risk 0.65 · cvss n/a · epss 0.00

    Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. Trivy VSCode Extension version 1.8.12, which was distributed via the OpenVSX marketplace, was compromised and contained malicious code designed to leverage a local AI coding agent to collect and…

  • CVE-2026-44484 · Critical · May 14, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism.

  • CVE-2026-6443 · Critical · Apr 17, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugins they acquired. This makes it possible for the threat actor to…

  • CVE-2026-34424 · Critical · Apr 9, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote…

  • CVE-2017-16128 · Critical · Jun 7, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry.

  • CVE-2026-45758 · Critical · Jun 5, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of `guardrails-ai` (0.10.1) to PyPI. Any user who installed `guardrails-ai==0.10.1` from PyPI on May 11, 2026 may be…

  • CVE-2017-20203 · Critical · Oct 9, 2025
    risk 0.61 · cvss n/a · epss 0.01

    NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322, Xftp 5.0 Build 1218, and Xlpd 5.0 Build 1220 contain a malicious nssock2.dll that implements a multi-stage, DNS-based backdoor. The dormant library contacts a C2 DNS server via a…

  • CVE-2017-20202 · Critical · Oct 8, 2025
    risk 0.60 · cvss n/a · epss 0.00

    Web Developer for Chrome v0.4.9 contained malicious code that generated a domain via a DGA and fetched a remote script. The fetched script conditionally loaded follow-on modules that performed extensive ad substitution and malvertising, displayed fake “repair” alerts that…

  • CVE-2017-20201 · Critical · Oct 8, 2025
    risk 0.60 · cvss n/a · epss 0.00

    CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (32-bit builds) contained a malicious pre-entry-point loader that diverts execution from __scrt_common_main_seh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves…

  • CVE-2025-59039 · Critical · Sep 9, 2025
    risk 0.60 · cvss n/a · epss 0.00

    Prebid Universal Creative (PUC) is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes the extremely popular jsdelivr hosting of this file. The maintainers of PUC unpublished version…

  • CVE-2026-46412 · Critical · May 19, 2026
    risk 0.59 · cvss n/a · epss 0.00

    Summary: Between 2026-05-11 20:19 UTC and 22:56 UTC, an attacker used a compromised npm publish token to publish 18 malicious versions of `@beproduct/nestjs-auth` (0.1.2 through 0.1.19). The packages contained payloads from the Mini Shai-Hulud npm supply-chain worm…

  • CVE-2026-34841 · Critical · Apr 6, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan (RAT). Users of…

  • CVE-2025-59145 · High · Sep 15, 2025
    risk 0.57 · cvss n/a · epss 0.00

    color-name is a JSON with CSS color names. On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to…

  • CVE-2025-59331 · High · Sep 15, 2025
    risk 0.57 · cvss n/a · epss 0.00

    is-arrayish checks if an object can be used like an Array. On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack. Version 0.3.3 was published, functionally identical to the previous patch version, but with a malware payload added…

  • CVE-2025-59330 · High · Sep 15, 2025
    risk 0.57 · cvss n/a · epss 0.00

    error-ex allows error subclassing and stack customization. On 8 September 2025, an npm publishing account for error-ex was taken over after a phishing attack. Version 1.3.3 was published, functionally identical to the previous patch version, but with a malware payload added…

  • CVE-2025-59162 · High · Sep 15, 2025
    risk 0.57 · cvss n/a · epss 0.00

    color-convert provides plain color conversion functions in JavaScript. On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware…

  • CVE-2025-59144 · High · Sep 15, 2025
    risk 0.57 · cvss n/a · epss 0.00

    debug is a JavaScript debugging utility. On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect…