CWE-506

85 CVEs classified under CWE-506. Browse by severity and year.

Top CVEs for CWE-506
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2024-3094 | Critical | 10.0 | 2024-03-29 | Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build proces… |
| CVE-2026-48027 | Critical | 9.8 | 2026-05-27 | Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon aft… |
| CVE-2026-8398 | Critical | 9.8 | 2026-05-15 | A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from… |
| CVE-2026-44484 | Critical | 9.8 | 2026-05-14 | PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a cre… |
| CVE-2026-6443 | Critical | 9.8 | 2026-04-17 | All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious th… |
| CVE-2026-34424 | Critical | 9.8 | 2026-04-09 | Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that all… |
| CVE-2026-34841 | Critical | 9.8 | 2026-04-06 | Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the a… |
| CVE-2026-31976 | Critical | 9.8 | 2026-03-11 | xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests (… |
| CVE-2025-59374 | Critical | 9.8 | 2025-12-17 | "UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain… |
| CVE-2017-16128 | Critical | 9.8 | 2018-06-07 | The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry. |
| CVE-2026-45758 | Critical | 9.6 | 2026-06-05 | Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious versi… |
| CVE-2026-45321 | Critical | 9.6 | 2026-05-12 | On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishe… |
| CVE-2025-10894 | Critical | 9.6 | 2025-09-24 | Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, vi… |
| CVE-2020-15165 | Critical | 9.3 | 2020-08-28 | Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had its sources or permissions tampered by a malicious actor. The official ma… |
| CVE-2023-2003 | Critical | 9.1 | 2023-07-13 | Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encode… |
| CVE-2026-33634 | High | 8.8 | 2026-03-23 | Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 v… |
| CVE-2025-30154 | High | 8.6 | 2025-03-19 | reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with… |
| CVE-2025-30066 | High | 8.6 | 2025-03-15 | tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-1… |
| CVE-2024-4978 | High | 8.4 | 2024-05-23 | Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, priv… |
| CVE-2025-54313 | High | 7.5 | 2025-07-19 | eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an… |