Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-670

CWE-670

Always-Incorrect Control Flow Implementation

Parent: CWE-691 - Insufficient Control Flow Management

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

134 vulnerabilities with CWE-670

CVE-2025-38291 MEDIUM

Linux Kernel 6.13-6.15.2 - Denial of Service via WMI Command During Firmware Crash

CVE-2025-49091 HIGH

KDE Konsole < 25.04.2 - Remote Code Execution via URL Scheme Handler Fallback

CVE-2025-32996 MEDIUM

http-proxy-middleware <2.0.8, <3.0.4 - Info Disclosure

CVE-2025-2886 MEDIUM

Amazon Tough < 0.20.0 - Incorrect Target Source Validation via Delegation Chain

CVE-2025-29312 CRITICAL

ONOS v2.7.0 - Always-Incorrect Control Flow Implementation via Link Type Change

CVE-2025-24800 CRITICAL

ismp-grandpa < 15.0.1 - Improper Verification of Cryptographic Signature

CVE-2025-21607 HIGH

vyperlang/vyper < 0.4.1 - Always-Incorrect Control Flow Implementation in EcRecover and Identity Precompiles

CVE-2024-53271 HIGH

Envoy 1.31.0-1.31.4 - Denial of Service via HTTP 1.1 Non-101 1xx Response Handling

CVE-2024-53270 HIGH

envoyproxy/envoy < 1.29.12 - Denial of Service via Null Pointer Dereference in sendOverloadError

CVE-2024-53269 MEDIUM

Envoy 1.30.0-1.30.7 - Denial of Service via Happy Eyeballs Address Sorting

CVE-2024-53134 MEDIUM

Linux Kernel 6.1-6.6.62 - Denial of Service via Incorrect Loop Condition in imx93-blk-ctrl Remove Path

CVE-2024-52811 HIGH

ngtcp2 1.9.0 - Heap Buffer Overflow via Invalid ACK Frame in qlog

CVE-2024-8811 HIGH

WinZip < 76.8 - Mark-of-the-Web Protection Mechanism Bypass via Archive Extraction

CVE-2024-30133 MEDIUM

HCL Traveler for Microsoft Outlook - Control Flow Vulnerability

CVE-2024-47745 HIGH

Linux kernel - Privilege Escalation

CVE-2024-38365 HIGH

btcd 0.10.0-0.24.1 - Consensus Failure via Incorrect FindAndDelete Implementation

CVE-2024-25622 LOW

h2o - Info Disclosure

CVE-2024-47168 MEDIUM

gradio < 4.44.0 - Unauthenticated Data Exposure via Monitoring Endpoint

CVE-2024-47763 MEDIUM

Wasmtime 12.0.0-20.0.x (tail calls enabled) and 21.0.0-25.0.1 - Denial of Service via Tail Call Stack Trace Capture

CVE-2024-20480 HIGH

Cisco IOS XE - Denial of Service via DHCP Snooping IPv4 Packet Handling

CVE-2024-45807 HIGH

Envoy 1.31.0-1.31.1 - Denial of Service via oghttp2 Stream Management

CVE-2024-45298 MEDIUM

Wiki.js 2.5.303 - Account Disabling Bypass via Password Reset

CVE-2024-45311 HIGH

quinn 0.11.0-0.11.3 and quinn-proto 0.11.0-0.11.6 - Denial of Service via Unvalidated Connection Retry

CVE-2024-45304 MEDIUM

Cairo-Contracts - Privilege Escalation

CVE-2024-5659 MEDIUM

Rockwell Automation ControlLogix 5580 Firmware - Denial of Service via mDNS Packet

Previous Page 2 of 6 Next

Details

Vulnerabilities 134

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy