VYPR

CWE-506

Embedded Malicious Code

Abstraction: Class · Status: Incomplete

Description

The product contains code that appears to be malicious in nature.

Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic bomb. A developer might insert malicious code with the intent to subvert the security of a product or its host system at some time in the future. The term generally refers to a program that performs a useful service but exploits the rights of the program's user in a way the user does not intend.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-442 · CAPEC-448 · CAPEC-636

CVEs mapped to this weakness (82)

page 2 of 5
  • CVE-2025-59143 · High · Sep 15, 2025
    risk 0.57 · cvss n/a · epss 0.00

    color is a Javascript color conversion and manipulation library. On 8 September 2025, the npm publishing account for color was taken over after a phishing attack. Version 5.0.1 was published, functionally identical to the previous patch version, but with a malware payload added…

  • CVE-2025-59142 · High · Sep 15, 2025
    risk 0.57 · cvss n/a · epss 0.00

    color-string is a parser and generator for CSS color strings. On 8 September 2025, the npm publishing account for color-string was taken over after a phishing attack. Version 2.1.1 was published, functionally identical to the previous patch version, but with a malware payload…

  • CVE-2025-59141 · High · Sep 15, 2025
    risk 0.57 · cvss n/a · epss 0.00

    simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting…

  • CVE-2025-59140 · High · Sep 15, 2025
    risk 0.57 · cvss n/a · epss 0.00

    backslash parses collected strings with escapes. On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to…

  • CVE-2025-10894 · Critical · Sep 24, 2025
    risk 0.55 · cvss 9.6 · epss 0.01

    Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them…

  • CVE-2018-25117 · Critical · Oct 15, 2025
    risk 0.53 · cvss n/a · epss 0.00

    VestaCP commit a3f0fa1 (2018-05-31) up to commit ee03eff (2018-06-13) contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a…

  • CVE-2025-32965 · Critical · Apr 22, 2025
    risk 0.53 · cvss n/a · epss 0.01

    xrpl.js is a JavaScript/TypeScript API for interacting with the XRP Ledger in Node.js and the browser. Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised and contained malicious code designed to exfiltrate private keys. Version 2.14.2 is also malicious, though…

  • CVE-2026-46421 · Critical · May 20, 2026
    risk 0.52 · cvss n/a · epss 0.00

    Impact: On April 29, 2026, compromised versions of `@cap-js/sqlite@2.2.2`, `@cap-js/postgres@2.2.2`, and `@cap-js/db-service@2.10.1` were published. The malicious packages harvested credentials and attempted self-propagation. If a compromised version was installed, all…

  • CVE-2025-59038 · High · Sep 9, 2025
    risk 0.49 · cvss n/a · epss 0.00

    Prebid.js is a free and open source library for publishers to quickly implement header bidding. NPM users of prebid 10.9.2 may have been briefly compromised by a malware campaign. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet.…

  • CVE-2025-59037 · High · Sep 9, 2025
    risk 0.49 · cvss n/a · epss 0.00

    DuckDB is an analytical in-process SQL database management system. On 08 September 2025, the DuckDB distribution for Node.js on npm was compromised with malware (along with several other packages). An attacker published new versions of four of DuckDB's packages that included…

  • CVE-2017-16205 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

  • CVE-2017-16204 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

  • CVE-2017-16203 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

  • CVE-2017-16202 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

  • CVE-2017-16081 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16080 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16079 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16078 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16077 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16076 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.