CVE & Exploit Intelligence Database

CVE-2025-35963 7.4 HIGH EPSS 0.00

Insufficient control flow management for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via adjacent access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (high) impacts.

CWE-691 Nov 11, 2025

CVE-2025-25273 7.8 HIGH EPSS 0.00

Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-691 Aug 12, 2025

CVE-2025-24305 7.2 HIGH EPSS 0.00

Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.

CWE-691 Aug 12, 2025

CVE-2025-22893 7.8 HIGH EPSS 0.00

Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-691 Aug 12, 2025

CVE-2025-49463 6.5 MEDIUM EPSS 0.00

Insufficient control flow management in certain Zoom Clients for iOS before version 6.4.5 may allow an unauthenticated user to conduct a disclosure of information via network access.

CWE-691 Jul 10, 2025

CVE-2025-47774 1 Writeup EPSS 0.00

Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, the `slice()` builtin can elide side effects when the output length is 0, and the source bytestring is a builtin (`msg.data` or `<address>.code`). The reason is that for these source locations, the check that `length >= 1` is skipped. The result is that a 0-length bytestring constructed with slice can be passed to `make_byte_array_copier`, which elides evaluation of its source argument when the max length is 0. The impact is that side effects in the `start` argument may be elided when the `length` argument is 0, e.g. `slice(msg.data, self.do_side_effect(), 0)`. The fix in pull request 4645 disallows any invocation of `slice()` with length 0, including for the ad hoc locations discussed in this advisory. The fix is expected to be part of version 0.4.2.

CWE-691 May 15, 2025

CVE-2025-47285 1 Writeup EPSS 0.00

Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, `concat()` may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions when their length is zero. In practice, it would be very unusual in user code to construct zero-length bytestrings using an expression with side-effects, since zero-length bytestrings are typically constructed with the empty literal `b""`; the only way to construct an empty bytestring which has side effects would be with the ternary operator introduced in v0.3.8, e.g. `b"" if self.do_some_side_effect() else b""`. The fix is available in pull request 4644 and expected to be part of the 0.4.2 release. As a workaround, don't have side effects in expressions which construct zero-length bytestrings.

CWE-691 May 15, 2025

CVE-2025-20022 5.7 MEDIUM EPSS 0.00

Insufficient control flow management for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow a privileged user to potentially enable information disclosure via adjacent access.

CWE-691 May 13, 2025

CVE-2025-20004 7.2 HIGH EPSS 0.00

Insufficient control flow management in the Alias Checking Trusted Module for some Intel(R) Xeon(R) 6 processor E-Cores firmware may allow a privileged user to potentially enable escalation of privilege via local access.

CWE-691 May 13, 2025

CVE-2025-25774 6.5 MEDIUM 2 Writeups EPSS 0.00

An issue was discovered in Open5GS v2.7.2. When a UE switches between two gNBs and sends a handover request at a specific time, it may cause an exception in the AMF's internal state machine, leading to an AMF crash and resulting in a Denial of Service (DoS).

CWE-691 Mar 12, 2025

CVE-2024-33617 5.9 MEDIUM EPSS 0.00

Insufficient control flow management in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access.

CWE-691 Nov 13, 2024

CVE-2024-29079 6.8 MEDIUM EPSS 0.00

Insufficient control flow management in some Intel(R) VROC software before version 8.6.0.3001 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-691 Nov 13, 2024

CVE-2024-25565 3.8 LOW EPSS 0.00

Insufficient control flow management in UEFI firmware for some Intel(R) Xeon(R) Processors may allow an authenticated user to enable denial of service via local access.

CWE-691 Nov 13, 2024

CVE-2024-22374 6.5 MEDIUM EPSS 0.00

Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of service via local access.

CWE-691 Aug 14, 2024

CVE-2024-21801 7.1 HIGH EPSS 0.00

Insufficient control flow management in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable denial of service via local access.

CWE-691 Aug 14, 2024

CVE-2024-37158 3.5 LOW 1 Writeup EPSS 0.00

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions. Checks performed on the two implementation are different. The vulnerability discovered allowed a clawback account to bypass Cosmos ante handler checks by sending an Ethereum transaction targeting a precompile used to interact with a Cosmos SDK module. This vulnerability is fixed in 18.0.0.

CWE-691 Jun 17, 2024

CVE-2024-3847 6.1 MEDIUM EPSS 0.00

Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

CWE-305 Apr 17, 2024

CVE-2021-33157 7.2 HIGH EPSS 0.00

Insufficient control flow management in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.

CWE-691 Feb 23, 2024

CVE-2023-24587 6.9 MEDIUM EPSS 0.00

Insufficient control flow management in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable denial of service via local access.

CWE-691 Nov 14, 2023

CVE-2022-46299 3.3 LOW EPSS 0.00

Insufficient control flow management for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.

CWE-691 Nov 14, 2023