VYPR

CWE-506

Embedded Malicious Code

ClassIncomplete

Description

The product contains code that appears to be malicious in nature.

Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic-bomb. A developer might insert malicious code with the intent to subvert the security of a product or its host system at some time in the future. It generally refers to a program that performs a useful service but exploits rights of the program's user in a way the user does not intend.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-442 · CAPEC-448 · CAPEC-636

CVEs mapped to this weakness (82)

page 4 of 5
  • CVE-2017-16053HigJun 4, 2018
    risk 0.49cvss 7.5epss 0.01

    `fabric-js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16052HigJun 4, 2018
    risk 0.49cvss 7.5epss 0.01

    `node-fabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16051HigJun 4, 2018
    risk 0.49cvss 7.5epss 0.01

    `sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16050HigJun 4, 2018
    risk 0.49cvss 7.5epss 0.01

    `sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16049HigJun 4, 2018
    risk 0.49cvss 7.5epss 0.01

    `nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16048HigJun 4, 2018
    risk 0.49cvss 7.5epss 0.01

    `node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16046HigJun 4, 2018
    risk 0.49cvss 7.5epss 0.01

    `mariadb` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16045HigJun 4, 2018
    risk 0.49cvss 7.5epss 0.01

    `jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16044HigJun 4, 2018
    risk 0.49cvss 7.5epss 0.01

    `d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16062HigMay 29, 2018
    risk 0.49cvss 7.5epss 0.01

    node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16061HigMay 29, 2018
    risk 0.49cvss 7.5epss 0.01

    tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16047HigMay 29, 2018
    risk 0.49cvss 7.5epss 0.01

    mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16207HigJun 7, 2018
    risk 0.48cvss 7.3epss 0.01

    discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin.

  • CVE-2024-10938MedFeb 27, 2026
    risk 0.42cvss 6.5epss 0.00

    The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known malicious PHP files. If moved outside of the plugin's directory, they may…

  • CVE-2025-8217MedJul 30, 2025
    risk 0.26cvss 4.0epss 0.00

    The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which…

  • CVE-2025-30066KEVMar 15, 2025
    risk 0.12cvss epss 0.41

    tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious…

  • CVE-2026-33634KEVMar 23, 2026
    risk 0.07cvss epss 0.60

    Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action` to credential-stealing malware, and replace all 7 tags in…

  • CVE-2025-54313KEVJul 19, 2025
    risk 0.05cvss epss 0.04

    eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.

  • CVE-2025-30154KEVMar 19, 2025
    risk 0.05cvss epss 0.02

    reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use…

  • CVE-2026-31976Mar 11, 2026
    risk 0.00cvss epss 0.01

    xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests (#46, #47, #48) injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and…