CWE-506
85 CVEs classified under CWE-506. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-3094 | Critical | 10.0 | 2024-03-29 | Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build proces… |
| CVE-2026-48027 | Critical | 9.8 | 2026-05-27 | Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon aft… |
| CVE-2026-8398 | Critical | 9.8 | 2026-05-15 | A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from… |
| CVE-2026-44484 | Critical | 9.8 | 2026-05-14 | PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a cre… |
| CVE-2026-6443 | Critical | 9.8 | 2026-04-17 | All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious th… |
| CVE-2026-34424 | Critical | 9.8 | 2026-04-09 | Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that all… |
| CVE-2026-34841 | Critical | 9.8 | 2026-04-06 | Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the a… |
| CVE-2026-31976 | Critical | 9.8 | 2026-03-11 | xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests (… |
| CVE-2025-59374 | Critical | 9.8 | 2025-12-17 | "UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain… |
| CVE-2017-16128 | Critical | 9.8 | 2018-06-07 | The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry. |
| CVE-2026-45758 | Critical | 9.6 | 2026-06-05 | Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious versi… |
| CVE-2026-45321 | Critical | 9.6 | 2026-05-12 | On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishe… |
| CVE-2025-10894 | Critical | 9.6 | 2025-09-24 | Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, vi… |
| CVE-2020-15165 | Critical | 9.3 | 2020-08-28 | Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had its sources or permissions tampered by a malicious actor. The official ma… |
| CVE-2023-2003 | Critical | 9.1 | 2023-07-13 | Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encode… |
| CVE-2026-33634 | High | 8.8 | 2026-03-23 | Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 v… |
| CVE-2025-30154 | High | 8.6 | 2025-03-19 | reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with… |
| CVE-2025-30066 | High | 8.6 | 2025-03-15 | tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-1… |
| CVE-2024-4978 | High | 8.4 | 2024-05-23 | Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, priv… |
| CVE-2025-54313 | High | 7.5 | 2025-07-19 | eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an… |