Description
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
Extended Description
An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit.
CVE vulnerabilities with CWE-494 (252)
9.9
CVSS
CRITICAL
CVE-2020-1210
pub. 2020-09-11
9.9
CVSS
CRITICAL
CVE-2020-1595
pub. 2020-09-11
9.8
CVSS
CRITICAL
CVE-2026-34841
pub. 2026-04-06
9.8
CVSS
CRITICAL
CVE-2025-40604
pub. 2025-11-20
9.8
CVSS
CRITICAL
CVE-2025-56513
pub. 2025-09-30
9.8
CVSS
CRITICAL
CVE-2025-28236
pub. 2025-04-18
9.8
CVSS
CRITICAL
CVE-2023-41921
pub. 2024-07-02
9.8
CVSS
CRITICAL
CVE-2024-27438
pub. 2024-03-21
9.8
CVSS
CRITICAL
CVE-2023-4041
pub. 2023-08-23
9.8
CVSS
CRITICAL
CVE-2023-27574
pub. 2023-03-03
9.8
CVSS
CRITICAL
CVE-2020-22654
pub. 2023-01-20
9.8
CVSS
CRITICAL
CVE-2020-22658
pub. 2023-01-20
9.8
CVSS
CRITICAL
CVE-2022-24117
pub. 2022-12-26
9.8
CVSS
CRITICAL
CVE-2020-7883
pub. 2021-12-28
9.8
CVSS
CRITICAL
CVE-2020-2320
pub. 2020-12-03
9.8
CVSS
CRITICAL
CVE-2020-28332
pub. 2020-11-24
9.8
CVSS
CRITICAL
CVE-2018-5409
pub. 2019-05-08
9.8
CVSS
CRITICAL
CVE-2019-3801
pub. 2019-04-25
9.8
CVSS
CRITICAL
CVE-2016-6567
pub. 2018-07-13
9.8
CVSS
CRITICAL
CVE-2002-0671
pub. 2002-07-23
Showing 20 of 252 vulnerabilities