Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-494

CWE-494

Medium likelihood

Download of Code Without Integrity Check

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

204 vulnerabilities with CWE-494

CVE-2024-28850 HIGH

WP Crontrol < 1.16.2 - Authenticated Remote Code Execution via PHP Cron Event Tampering

CVE-2024-30205 HIGH

Emacs < 29.3 and Org Mode < 9.6.23 - Unauthenticated Download of Code Without Integrity Check

CVE-2024-27438 CRITICAL

Apache Doris 1.2.0-2.0.4 - Remote Code Execution via Unchecked JDBC Driver File

CVE-2023-41921 CRITICAL

Firmware Modification - Code Injection

CVE-2023-39474 HIGH

Inductive Automation Ignition 8.1.0-8.1.35 - Remote Code Execution via Unvalidated JAR Download

CVE-2023-47353 HIGH

imou_go 1.0.11 - Arbitrary File Download via DownloadFirmwareService

CVE-2023-5592 HIGH

PHOENIX CONTACT MULTIPROG and ProConOS eCLR - Unauthenticated Code Download Without Integrity Check

CVE-2023-46144 MEDIUM

PLCnext - Info Disclosure

CVE-2023-46143 HIGH

PHOENIX CONTACT Classic Line PLCs - Unauthenticated Application Modification

CVE-2023-5630 MEDIUM

Schneider-electric Eb450 Firmware - Download Without Integrity Check

CVE-2023-45842 HIGH

Buildroot 2023.08.1 and dev commit 622698d7847 - Arbitrary Command Execution via Package Hash Checking Bypass

CVE-2023-45841 HIGH

Buildroot 2023.08.1 and dev commit 622698d7847 - Arbitrary Command Execution via Package Hash Checking Bypass

CVE-2023-45840 HIGH

Buildroot 2023.08.1 and dev commit 622698d7847 - Arbitrary Command Execution via Package Hash Checking Bypass

CVE-2023-45839 HIGH

Buildroot 2023.08.1 and dev commit 622698d7847 - Remote Code Execution via Package Hash Check Bypass

CVE-2023-45838 HIGH

Buildroot 2023.08.1 and dev commit 622698d7847 - Arbitrary Command Execution via Package Hash Checking Bypass

CVE-2023-43608 HIGH

Buildroot 2023.08.1 and dev commit 622698d7847 - Arbitrary Command Execution via BR_NO_CHECK_HASH_FOR

CVE-2023-46887 HIGH

Dreamer CMS <4.0.1 - Info Disclosure

CVE-2023-5984 HIGH

ION8650 and ION8800 Firmware - Authenticated Firmware Upload Without Integrity Check

CVE-2023-45799 HIGH

MLSoft TCO!stream < 8.0.23.215 - Unauthenticated Arbitrary File Download and Execution

CVE-2023-45821 MEDIUM

Artifact Hub < 1.16.0 - Credential Hijacking via Docker Registry Domain Spoofing

CVE-2023-37220 HIGH

Synel Synergy Terminals < 3015.1 - Unauthenticated Code Download Without Integrity Check

CVE-2023-4041 CRITICAL

Silicon Labs Gecko Bootloader - Classic Buffer Overflow

CVE-2023-40254 HIGH

Genian NAC 4.0.0-4.0.155, 5.0.0-5.0.42; Suite 5.0.0-5.0.54; ZTNA 6.0.0-6.0.15 - Code Download Without Integrity Check

CVE-2023-37864 HIGH

Phoenixcontact WP 6070-wvps Firmware < 4.0.10 - Download Without Integrity Check

CVE-2023-29401 MEDIUM

Context.FileAttachment - Info Disclosure

Previous Page 4 of 9 Next

Details

Vulnerabilities 204

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy