Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-506

CWE-506

Embedded Malicious Code

Parent: CWE-912 - Hidden Functionality

The product contains code that appears to be malicious in nature.

85 vulnerabilities with CWE-506

CVE-2026-45758 CRITICAL

Malicious code in guardrails-ai 0.10.1 (supply chain compromise)

CVE-2026-48027 CRITICAL KEV

Compromised Nx Console version 18.95.0

CVE-2026-8398 CRITICAL KEV

DAEMON Tools Lite 12.5.0.2421-12.5.0.2434 - Embedded Malicious Code in Trojanized Installer

CVE-2026-44484 CRITICAL

Compromise of PyTorch Lightning PyPi Package Versions

CVE-2026-45321 CRITICAL KEV

Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys

CVE-2026-6443 CRITICAL

Accordion and Accordion Slider 1.4.6 - Injected Backdoor

CVE-2026-34424 CRITICAL

Smart Slider 3 Pro 3.5.1.35 Supply Chain Attack Remote Access Toolkit

CVE-2026-34841 CRITICAL

Axios npm Supply Chain Incident Impacting @usebruno/cli

CVE-2026-33634 HIGH KEV

Trivy ecosystem supply chain briefly compromised

CVE-2026-31976 CRITICAL

xygeni-action 5.38.0-6.4.0 - Supply Chain Compromise via Git Tag Poisoning

CVE-2026-28353 CRITICAL

Trivy VSCode Extension 1.8.12 - Code Injection

CVE-2025-59374 CRITICAL KEV

ASUS Live Update - Unintended Actions

CVE-2025-55556 MEDIUM

TensorFlow <2.18.0 - Info Disclosure

CVE-2025-10894 CRITICAL

Nx Build System and Plugins - Malicious Code Injection via npm

CVE-2025-59145 HIGH

color-name 2.0.1 - Embedded Malicious Code via Compromised npm Package

CVE-2025-59331 HIGH

is-arrayish <0.3.3 - Code Injection

CVE-2025-59330 HIGH

error-ex 1.3.3 - Embedded Malicious Code via Compromised npm Package

CVE-2025-59162 HIGH

color-convert 3.1.1 - Command Injection

CVE-2025-59144 HIGH

debug 4.4.2 - Embedded Malicious Code via Compromised npm Package

CVE-2025-59143 HIGH

color 5.0.1 - Embedded Malicious Code via Compromised npm Package

CVE-2025-59142 HIGH

color-string 2.1.1 - Embedded Malicious Code via Compromised npm Package

CVE-2025-59141 HIGH

simple-swizzle 0.2.3 - Code Injection

CVE-2025-59140 HIGH

backslash 0.2.1 - Embedded Malicious Code via Compromised npm Package

CVE-2025-59039 CRITICAL

prebid-universal-creative 1.17.3 - Embedded Malicious Code

CVE-2025-59038 HIGH

prebid.js 10.9.2 - Embedded Malicious Code

Page 1 of 4 Next

Details

Vulnerabilities 85

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy