Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-670

CWE-670

Always-Incorrect Control Flow Implementation

Parent: CWE-691 - Insufficient Control Flow Management

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

134 vulnerabilities with CWE-670

CVE-2026-48844 HIGH

Roundcube Webmail - Always-Incorrect Control Flow Implementation

CVE-2026-20171 MEDIUM

Cisco Nexus 3000 and 9000 Series Border Gateway Protocol Denial of Service Vulnerability

CVE-2026-38361 HIGH

dash-uploader 0.1.0-0.7.0a2 Upload Handler - Remote Code Execution

CVE-2026-44928 LOW

uriparser < 1.0.2 - Always-Incorrect Control Flow Implementation in EqualsUri Function

CVE-2026-41988 LOW

uuidjs/uuid < 14.0.0 - Unexpected Buffer Writes via UUID v3/5/6 Generation

CVE-2026-35343 LOW

uutils coreutils cut Inconsistent Output Suppression with Newline Delimiters

CVE-2026-41527 MEDIUM

KDE Kleopatra <26.08.0 - Privilege Escalation

CVE-2026-40942 MEDIUM

DSF: Inverted Time Comparison in OIDC JWKS and Token Cache

CVE-2026-6608 MEDIUM

lm-sys fastchat Arena Side-by-Side View add_text control flow

CVE-2026-40960 HIGH

Luanti <5.15.2 - Privilege Escalation

CVE-2026-40719 HIGH

MaraDNS 3.5.0036 - Denial of Service via Unresolvable Authoritative Nameserver

CVE-2026-40396 MEDIUM

Varnish Cache 9.0.0 - Denial of Service via HTTP/1 Pipelining Workspace Overflow

CVE-2026-40394 MEDIUM

Varnish Cache 9.0.0-9.0.0 and Varnish Enterprise < 6.0.16r11 - Denial of Service via HTTP/2 Session Upgrade

CVE-2026-40200 HIGH

musl libc 0.7.10-1.2.6 - Memory Corruption

CVE-2026-34946 HIGH

Wasmtime's host panics when Winch compiler executes `table.fill`

CVE-2026-35414 MEDIUM

OpenSSH < 10.3 - Always-Incorrect Control Flow Implementation in Authorized Keys Principals Handling

CVE-2026-35387 LOW

OpenSSH <10.3 - ECDSA Algorithm Misinterpretation

CVE-2026-33011 HIGH

Nest Fastify HEAD Request Middleware Bypass

CVE-2026-32713 MEDIUM

PX4 Autopilot <1.17.0-rc2 - Auth Bypass

CVE-2026-1874 HIGH

MELSEC iQ-F FX5-ENET/IP <=1.106 - DoS

CVE-2026-26267 HIGH

soroban-sdk <22.0.10/23.5.2/25.1.1 - Code Injection

CVE-2025-58136 HIGH

Apache Traffic Server: A simple legitimate POST request causes a crash

CVE-2025-33199 LOW

NVIDIA DGX Spark GB10 - Memory Corruption

CVE-2025-32942 HIGH

SSH Tectia Server <6.6.6 - Info Disclosure

CVE-2025-43359 CRITICAL

iPadOS < 18.7 - Logic Issue in UDP Socket Binding

Page 1 of 6 Next

Details

Vulnerabilities 134

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy