Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-506 (内嵌的恶意代码) — Vulnerability Class 78

78 vulnerabilities classified as CWE-506 (内嵌的恶意代码). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-6443 Essentialplugin Plugins (Various Versions) - Injected Backdoor — Accordion and Accordion Slider 9.8 Critical2026-04-17
CVE-2026-34424 Smart Slider 3 Pro 3.5.1.35 Supply Chain Attack Remote Access Toolkit — Smart Slider 3 Pro for WordPress 9.8 Critical2026-04-09
CVE-2026-33634 Trivy ecosystem supply chain briefly compromised — setup-trivy 7.4 -2026-03-23
CVE-2026-31976 xygeni-action v5 tag poisoned with C2 backdoor — xygeni-action 8.8AIHighAI2026-03-11
CVE-2026-28353 Trivy Vulnerability Scanner: Unauthorized AI Agent Execution Code Included in OpenVSX Extension Release — trivy-vscode-extension 5.5 -2026-03-05
CVE-2024-10938 OVRI Payment 1.7.0 - Malicious .htaccess directive — OVRI Payment 6.5 Medium2026-02-27
CVE-2025-59374 ASUS Live Update 安全漏洞 — live update 8.1AIHighAI2025-12-17
CVE-2018-25117 VestaCP Debian Installer Malicious Backdoor Supply Chain Compromise — Control Panel (CP) 8.8AIHighAI2025-10-15
CVE-2017-20203 NetSarang v5.0 Malicious Backdoor Supply Chain Compromise — Xmanager Enterprise 10.0AICriticalAI2025-10-09
CVE-2017-20202 Web Developer for Chrome v0.4.9 Malicious Backdoor Supply Chain Compromise — Web Developer for Chrome 8.8AIHighAI2025-10-08
CVE-2017-20201 CCleaner v5.33.6162 & CCleaner Cloud v1.07.3191 Malicious Backdoor Supply Chain Compromise — CCleaner 9.8AICriticalAI2025-10-08
CVE-2025-10894 Nx: nx/devkit: malicious versions of nx and plugins published to npm 9.6 Critical2025-09-24
CVE-2025-59145 color-name@2.0.1 contains malware after npm account takeover — color-name 6.1AIMediumAI2025-09-15
CVE-2025-59331 is-arrayish@0.3.3 contains malware after npm account takeover — node-is-arrayish 8.2AIHighAI2025-09-15
CVE-2025-59330 error-ex@1.3.3 contains malware after npm account takeover — node-error-ex 8.2AIHighAI2025-09-15
CVE-2025-59162 color-convert@3.1.1 contains malware after npm account takeover — color-convert 5.4AIMediumAI2025-09-15
CVE-2025-59142 color-string@2.1.1 contains malware after npm account takeover — color-string 8.2AIHighAI2025-09-15
CVE-2025-59144 debug@4.4.2 contains malware after npm account takeover — debug 6.1AIMediumAI2025-09-15
CVE-2025-59143 color@5.0.1 contains malware after npm account takeover — color 6.1AIMediumAI2025-09-15
CVE-2025-59141 simple-swizzle@0.2.3 contains malware after npm account takeover — node-simple-swizzle 6.1AIMediumAI2025-09-15
CVE-2025-59140 backslash@0.2.1 contains malware after npm account takeover — node-backslash 6.1AIMediumAI2025-09-15
CVE-2025-59039 Prebid Universal Creative on npm briefly compromised — prebid-universal-creative 9.8AICriticalAI2025-09-09
CVE-2025-59038 Prebid.js NPM package briefly compromised — Prebid.js 8.2AIHighAI2025-09-09
CVE-2025-59037 DuckDB NPM packages 1.3.3 and 1.29.2 briefly compromised with malware — duckdb-node 9.1AICriticalAI2025-09-09
CVE-2025-8217 Inert Malicious script injected into Amazon Q Developer Visual Studio Code (VS Code) Extension — Q Developer VS Code Extension 4.0 Medium2025-07-30
CVE-2025-54313 eslint-config-prettier 安全漏洞 — eslint-config-prettier 7.5 High2025-07-19
CVE-2025-32965 Compromised xrpl.js versions 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2 — xrpl.js 7.5 -2025-04-22
CVE-2025-30154 Multiple Reviewdog actions were compromised during a specific time period — reviewdog 8.6 High2025-03-19
CVE-2025-30066 changed-files 安全漏洞 — changed-files 8.6 High2025-03-15
CVE-2024-4978 Malicious Code in Justice AV Solutions (JAVS) Viewer — Viewer 8.4 High2024-05-23

Vulnerabilities classified as CWE-506 (内嵌的恶意代码) represent 78 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.