Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-494

CWE-494

Medium likelihood

Download of Code Without Integrity Check

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

204 vulnerabilities with CWE-494

CVE-2025-55581 HIGH

D-Link DCS-825L <1.08.01 - Code Injection

CVE-2025-31355 HIGH

Tenda AC6 Firmware V02.03.01.110 - Arbitrary Code Execution via Malicious Firmware Update

CVE-2025-53520 HIGH

EG4 Electronics EG4 12kPV, 18kPV, Flex 21, Flex 18, 6000XP, 12000XP, GridBoss - Unauthenticated Firmware Tampering

CVE-2025-53696 CRITICAL

iSTAR Ultra < 6.9.2 - Unauthenticated Firmware Integrity Bypass

CVE-2025-7620 HIGH

Digitware Cross-Browser Document Creation Component - Drive-By Code Execution

CVE-2025-52937 LOW

PointCloudLibrary PCL <1.14.0 - Buffer Overflow

CVE-2025-28236 CRITICAL

Nautel VX Series transmitters <6.4.0 - RCE

CVE-2025-27593 CRITICAL

SDD Device Drivers - Code Injection

CVE-2025-1058 HIGH

Schneider Electric ASCO 5310 and 5350 - Download of Code Without Integrity Check

CVE-2024-47192 MEDIUM

Mahara < 23.04.9 - Unauthenticated Arbitrary File Download via Export URL

CVE-2024-43169 HIGH

IBM Engineering Requirements Management DOORS Next <7.1 - Info Disc...

CVE-2024-50696 HIGH

SunGrow WiNet-S Firmware < 200.001.00.P025 - Unauthenticated Firmware Update via MQTT Message

CVE-2024-52331 HIGH

ECOVACS Robot Lawnmowers and Vacuums - Arbitrary Firmware Installation via Deterministic Symmetric Key

CVE-2024-42183 LOW

BigFix Patch Download Plug-ins - File Download

CVE-2024-55459 MEDIUM

Keras 3.7.0 - Arbitrary File Write via get_file Tar Download

CVE-2024-54126 HIGH

TP-Link Archer C50 < V4_240917 Authenticated Firmware Signature Bypass

CVE-2024-52583 HIGH

WesHacks - Malicious JavaScript Injection via Leostop Dependency

CVE-2024-48974 CRITICAL

Baxter Life2000 Ventilation System < 06.08.00.00 - Unauthorized Firmware Modification via Missing Integrity Check

CVE-2024-33660 MEDIUM

AMI Aptio V 5.0-5.037 - Unauthenticated Download of Code Without Integrity Check

CVE-2024-45321 HIGH

App::cpanminus <1.7047 - Code Injection

CVE-2024-39819 MEDIUM

Zoom Meeting SDK <6.0.10, Rooms <5.17.13, Workplace Desktop <6.0.10 - Privilege Escalation via Installer Bypass

CVE-2024-39348 HIGH

Synology Router Manager < 1.2.5-8227 - Remote Code Execution via AirPrint Functionality

CVE-2024-30206 HIGH

SIMATIC RTLS Locating Manager -<V3.0.1.1 - Info Disclosure

CVE-2024-33118 HIGH

LuckyFrameWeb 3.5.2 - Arbitrary File Read via fileDownload Method

CVE-2024-28878 CRITICAL

IOSiX IO-1020 Micro ELD < 360 - Unauthenticated Code Execution via Unverified Download

Previous Page 3 of 9 Next

Details

Vulnerabilities 204

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy