CWE-494 · Download of Code Without Integrity Check
209 CVEs classified under CWE-494 (Download of Code Without Integrity Check). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-1595 | Critical | 9.9 | 2020-09-11 | <p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successful… |
CVE-2020-1210 | Critical | 9.9 | 2020-09-11 | <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attack… |
CVE-2026-42249 | Critical | 9.8 | 2026-04-29 | Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers… |
CVE-2026-42248 | Critical | 9.8 | 2026-04-29 | Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation… |
CVE-2026-34841 | Critical | 9.8 | 2026-04-06 | Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the a… |
CVE-2026-3000 | Critical | 9.8 | 2026-03-02 | IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to… |
CVE-2026-2999 | Critical | 9.8 | 2026-03-02 | IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to… |
CVE-2026-27180 | Critical | 9.8 | 2026-02-18 | MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The save… |
CVE-2025-40604 | Critical | 9.8 | 2025-11-20 | Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, all… |
CVE-2025-56513 | Critical | 9.8 | 2025-09-30 | NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redi… |
CVE-2025-34212 | Critical | 9.8 | 2025-09-29 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 (VA/SaaS deployments) possess … |
CVE-2025-28236 | Critical | 9.8 | 2025-04-18 | Nautel VX Series transmitters VX SW v6.4.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the firmware update process. This… |
CVE-2023-41921 | Critical | 9.8 | 2024-07-02 | A vulnerability allows attackers to download source code or an executable from a remote location and execute the code without sufficiently verifying the origin… |
CVE-2024-27438 | Critical | 9.8 | 2024-03-21 | Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked and may resulting in remote… |
CVE-2023-4041 | Critical | 9.8 | 2023-08-23 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon… |
CVE-2023-27574 | Critical | 9.8 | 2023-03-03 | ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS. |
CVE-2020-22658 | Critical | 9.8 | 2023-01-20 | In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199… |
CVE-2020-22654 | Critical | 9.8 | 2023-01-20 | In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199… |
CVE-2022-24117 | Critical | 9.8 | 2022-12-26 | Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, T… |
CVE-2020-7883 | Critical | 9.8 | 2021-12-28 | Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the ar… |