Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-494

CWE-494

Medium likelihood

Download of Code Without Integrity Check

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

204 vulnerabilities with CWE-494

CVE-2026-9037 CRITICAL

Download of code without integrity check in XCharge C6

CVE-2026-45058 CRITICAL

electerm: Import unsafe bookmark data could lead to unsafe operation when click local type bookmark

CVE-2026-9089 HIGH

ConnectWise Automate < 2026.5 - Download of Code Without Integrity Check

CVE-2026-42575 HIGH

apko doesn't verify downloaded apk packages against APKINDEX checksum (package substitution possible)

CVE-2026-32148 MEDIUM

Lockfile checksums not verified in Hex allows dependency integrity bypass

CVE-2026-42249 CRITICAL

Remote Code Execution in Ollama via Update Mechanism

CVE-2026-42248 CRITICAL

Missing Signature Verification for Updates in Ollama

CVE-2026-40066 HIGH

Anviz Products Download of Code Without Integrity Check

CVE-2026-3428 MEDIUM

ASUS Member Center < 1.6.6.4 - Privilege Escalation via Time-of-check Time-of-use Race Condition

CVE-2026-34841 CRITICAL

Axios npm Supply Chain Incident Impacting @usebruno/cli

CVE-2026-30603 MEDIUM

Qianniao QN-L23PA0904 v20250721.1640 - Privilege Escalation

CVE-2026-3502 HIGH KEV

TrueConf Client Update Integrity Verification Bypass

CVE-2026-33075 HIGH

FastGPT has Arbitrary Code Execution in GitHub Actions via pull_request_target in fastgpt-preview-image.yml

CVE-2026-28500 HIGH

ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack

CVE-2026-1878 MEDIUM

ASUS ROG Driver - Privilege Escalation

CVE-2026-3000 CRITICAL

IDExpert 2.7.3.230719-2.8.4.250925 - Unauthenticated Remote Code Execution via Arbitrary DLL Download

CVE-2026-2999 CRITICAL

IDExpert 2.7.3.230719-2.8.4.250925 - Unauthenticated Remote Code Execution via Arbitrary Executable Download

CVE-2026-27180 CRITICAL

MajorDoMo - Unauthenticated Remote Code Execution via Update URL Poisoning

CVE-2026-25961 HIGH

SumatraPDF 3.5.0-3.5.2 - Remote Code Execution via Update Mechanism TLS Hostname Verification Bypass

CVE-2026-20056 MEDIUM

Cisco Secure Web Appliance - Unauthenticated Malware Archive Bypass via Dynamic Vectoring and Streaming Engine

CVE-2026-22865 HIGH

Gradle < 8.14.4 - Dependency Resolution Bypass via Non-Fatal Repository Exception Handling

CVE-2026-22816 HIGH

Gradle < 8.14.4 - Dependency Resolution Bypass via Unresolvable Host Name

CVE-2025-10539 MEDIUM

Improper TLS Certificate Validation RCE via Malicious Update in DeskTime Time Tracking App

CVE-2025-47904 MEDIUM

Microchip Time Provider 4100 <2.5 - Code Injection

CVE-2025-15575 MEDIUM

SolaX Power Pocket WiFi - Unauthenticated Firmware Tampering via Unsigned Update Files

Page 1 of 9 Next

Details

Vulnerabilities 204

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy