CWE-691
34 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-691page 1 of 1
- CVE-2021-33157HIGHCVSS 7.2EG 7.22024-02-23
Insufficient control flow management in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2021-4106HIGHCVSS 7.8EG 7.82022-02-16
A vulnerability in Snow Inventory Java Scanner allows an attacker to run malicious code at a higher level of privileges. This issue affects: SNOW Snow Inventory Java Scanner 1.0
- CVE-2022-20697HIGHCVSS 8.6EG 8.62022-04-15
A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource manage…
- CVE-2022-37409MEDIUMCVSS 4.7EG 4.72023-05-10
Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2022-41646MEDIUMCVSS 4.7EG 4.72023-05-10
Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local access.
- CVE-2022-43505MEDIUMCVSS 4.1EG 4.12023-08-11
Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access.
- CVE-2022-46299LOWCVSS 3.3EG 3.32023-11-14
Insufficient control flow management for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2022-46828MEDIUMCVSS 5.2EG 7.82022-12-08
In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.
- CVE-2022-48481MEDIUMCVSS 5.2EG 5.22023-04-28
In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible
- CVE-2023-20559HIGHCVSS 8.8EG 8.82023-04-02
Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.
- CVE-2023-24587MEDIUMCVSS 6.9EG 6.92023-11-14
Insufficient control flow management in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable denial of service via local access.
- CVE-2023-28711MEDIUMCVSS 5.5EG 5.52023-08-11
Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2023-31211HIGHCVSS 8.8EG 8.82024-01-12
Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials
- CVE-2023-43588LOWCVSS 3.5EG 3.52023-11-15
Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.
- CVE-2023-44384MEDIUMCVSS 4.1EG 4.12023-10-06
Discourse-jira is a Discourse plugin allows Jira projects, issue types, fields and field options will be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the …
- CVE-2023-5102MEDIUMCVSS 5.3EG 5.32023-10-09
Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests.
- CVE-2024-21801HIGHCVSS 7.1EG 7.12024-08-14
Insufficient control flow management in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable denial of service via local access.
- CVE-2024-22374MEDIUMCVSS 6.5EG 6.52024-08-14
Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2024-25565LOWCVSS 3.8EG 3.82024-11-13
Insufficient control flow management in UEFI firmware for some Intel(R) Xeon(R) Processors may allow an authenticated user to enable denial of service via local access.
- CVE-2024-29079MEDIUMCVSS 6.8EG 6.82024-11-13
Insufficient control flow management in some Intel(R) VROC software before version 8.6.0.3001 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-33617MEDIUMCVSS 5.9EG 5.92024-11-13
Insufficient control flow management in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access.
- CVE-2024-37158LOWCVSS 3.5EG 3.52024-06-17
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for C…
- CVE-2024-3847MEDIUMCVSS 6.1EG 9.82024-04-17
Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
- CVE-2025-20004HIGHCVSS 7.2EG 7.22025-05-13
Insufficient control flow management in the Alias Checking Trusted Module for some Intel(R) Xeon(R) 6 processor E-Cores firmware may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-20022MEDIUMCVSS 5.7EG 5.72025-05-13
Insufficient control flow management for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow a privileged user to potentially enable information disclosure via adjacent access.
- CVE-2025-22893HIGHCVSS 7.8EG 7.82025-08-12
Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2025-24305HIGHCVSS 7.2EG 7.22025-08-12
Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-25273HIGHCVSS 7.8EG 7.82025-08-12
Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2025-25774MEDIUMCVSS 6.5EG 6.52025-03-12
An issue was discovered in Open5GS v2.7.2. When a UE switches between two gNBs and sends a handover request at a specific time, it may cause an exception in the AMF's internal state machine, leading to an AMF crash and resulting in a Denia…
- CVE-2025-35963HIGHCVSS 7.4EG 7.42025-11-11
Insufficient control flow management for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an unauthenticated use…
- CVE-2025-47285LOWCVSS 2.9EG 0.02025-05-15
Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, `concat()` may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the …
- CVE-2025-47774LOWCVSS 2.9EG 0.02025-05-15
Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, the `slice()` builtin can elide side effects when the output length is 0, and the source bytestring is a builtin (`msg.d…
- CVE-2025-49463MEDIUMCVSS 6.5EG 6.52025-07-10
Insufficient control flow management in certain Zoom Clients for iOS before version 6.4.5 may allow an unauthenticated user to conduct a disclosure of information via network access.
- CVE-2026-5938MEDIUMCVSS 5.5EG 5.52026-04-27
Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service.
Map vulnerabilities like CWE-691 to your infrastructure
EchelonGraph correlates every CVE — across CWE-691 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →