CVEs classified under CWE-691, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (27)
CVE-2023-20559 — CVSS 8.8 (high): Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially…
CVE-2025-25273 — CVSS 7.8 (high): Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow…
CVE-2025-22893 — CVSS 7.8 (high): Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow…
CVE-2021-4106 — CVSS 7.8 (high): A vulnerability in Snow Inventory Java Scanner allows an attacker to run malicious code at a higher level of privileges. This issue…
CVE-2025-35963 — CVSS 7.4 (high): Insufficient control flow management for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2…
CVE-2025-24305 — CVSS 7.2 (high): Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a…
CVE-2025-20004 — CVSS 7.2 (high): Insufficient control flow management in the Alias Checking Trusted Module for some Intel(R) Xeon(R) 6 processor E-Cores firmware may allow…
CVE-2021-33157 — CVSS 7.2 (high): Insufficient control flow management in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may…
CVE-2024-21801 — CVSS 7.1 (high): Insufficient control flow management in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to…
CVE-2023-24587 — CVSS 6.9 (medium): Insufficient control flow management in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially…
CVE-2024-29079 — CVSS 6.8 (medium): Insufficient control flow management in some Intel(R) VROC software before version 8.6.0.3001 may allow an authenticated user to…
CVE-2025-49463 — CVSS 6.5 (medium): Insufficient control flow management in certain Zoom Clients for iOS before version 6.4.5 may allow an unauthenticated user to conduct a…
CVE-2025-25774 — CVSS 6.5 (medium): An issue was discovered in Open5GS v2.7.2. When a UE switches between two gNBs and sends a handover request at a specific time, it may…
CVE-2024-22374 — CVSS 6.5 (medium): Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of…
CVE-2024-33617 — CVSS 5.9 (medium): Insufficient control flow management in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information…
CVE-2025-20022 — CVSS 5.7 (medium): Insufficient control flow management for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow a privileged user to…
CVE-2026-5938 — CVSS 5.5 (medium): Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI…
CVE-2023-5102 — CVSS 5.3 (medium): Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden…
CVE-2022-41646 — CVSS 4.7 (medium): Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to…
CVE-2022-37409 — CVSS 4.7 (medium): Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to…
CVE-2022-43505 — CVSS 4.1 (medium): Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable…
CVE-2024-25565 — CVSS 3.8 (low): Insufficient control flow management in UEFI firmware for some Intel(R) Xeon(R) Processors may allow an authenticated user to enable denial…
CVE-2024-37158 — CVSS 3.5 (low): Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting…
CVE-2022-46299 — CVSS 3.3 (low): Insufficient control flow management for some Intel Unison software may allow an authenticated user to potentially enable information…
CVE-2025-47774: Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, the `slice()`…
CVE-2025-47285: Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, `concat()` may skip…