CWE-494 · Download of Code Without Integrity Check

209 CVEs classified under CWE-494 (Download of Code Without Integrity Check). Browse by severity and year.

Top CVEs for CWE-494
CVESeverityScorePublishedSummary
CVE-2020-1595Critical9.92020-09-11<p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successful…
CVE-2020-1210Critical9.92020-09-11<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attack…
CVE-2026-42249Critical9.82026-04-29Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers…
CVE-2026-42248Critical9.82026-04-29Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation…
CVE-2026-34841Critical9.82026-04-06Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the a…
CVE-2026-3000Critical9.82026-03-02IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to…
CVE-2026-2999Critical9.82026-03-02IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to…
CVE-2026-27180Critical9.82026-02-18MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The save…
CVE-2025-40604Critical9.82025-11-20Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, all…
CVE-2025-56513Critical9.82025-09-30NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redi…
CVE-2025-34212Critical9.82025-09-29Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 (VA/SaaS deployments) possess …
CVE-2025-28236Critical9.82025-04-18Nautel VX Series transmitters VX SW v6.4.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the firmware update process. This…
CVE-2023-41921Critical9.82024-07-02A vulnerability allows attackers to download source code or an executable from a remote location and execute the code without sufficiently verifying the origin…
CVE-2024-27438Critical9.82024-03-21Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked and may resulting in remote…
CVE-2023-4041Critical9.82023-08-23Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon…
CVE-2023-27574Critical9.82023-03-03ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS.
CVE-2020-22658Critical9.82023-01-20In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199…
CVE-2020-22654Critical9.82023-01-20In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199…
CVE-2022-24117Critical9.82022-12-26Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, T…
CVE-2020-7883Critical9.82021-12-28Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the ar…