VYPR

CWE-670

Always-Incorrect Control Flow Implementation

ClassDraft

Description

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

This weakness captures cases in which a particular code segment is always incorrect with respect to the algorithm that it is implementing. For example, if a C programmer intends to include multiple statements in a single block but does not include the enclosing braces (CWE-483), then the logic is always incorrect. This issue is in contrast to most weaknesses in which the code usually behaves correctly, except when it is externally manipulated in malicious ways.

Hierarchy (View 1000)

CVEs mapped to this weakness (68)

page 1 of 4
  • CVE-2025-43359CriSep 15, 2025
    risk 0.64cvss 9.8epss 0.01

    A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A UDP server socket bound to a local interface may become…

  • CVE-2018-16766HigSep 10, 2018
    risk 0.57cvss 8.8epss 0.01

    In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because Errors::unreachable() is reached.

  • CVE-2015-8857CriJan 23, 2017
    risk 0.57cvss 9.8epss 0.04

    The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript.

  • CVE-2026-40200HigApr 10, 2026
    risk 0.53cvss 8.1epss 0.00

    An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on…

  • CVE-2025-49091HigJun 11, 2025
    risk 0.53cvss 8.2epss 0.01

    KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this…

  • CVE-2025-24800CriJan 28, 2025
    risk 0.53cvss epss 0.00

    Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate, that allowed a malicious prover easily convince the verifier of the finality of arbitrary headers. This could be used to…

  • CVE-2024-32971CriMay 2, 2024
    risk 0.52cvss 9.0epss 0.01

    Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a bug that in limited circumstances, could lead to unexpected operations being executed which can result in…

  • CVE-2024-47745HigOct 21, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: mm: call the security_mmap_file() LSM hook in remap_file_pages() The remap_file_pages syscall handler calls do_mmap() directly, which doesn't contain the LSM security check. And if the process has called…

  • CVE-2017-0604HigMay 12, 2017
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which…

  • CVE-2026-40719HigApr 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Deadwood in MaraDNS 3.5.0036 allows attackers to exhaust connection slots via a zone whose authoritative nameserver address cannot be resolved.

  • CVE-2026-1874HigMar 3, 2026
    risk 0.49cvss 7.5epss 0.00

    Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions…

  • CVE-2025-32942HigOct 2, 2025
    risk 0.47cvss 7.2epss 0.00

    SSH Tectia Server before 6.6.6 sometimes allows attackers to read and alter a user's session traffic.

  • CVE-2026-40960HigApr 16, 2026
    risk 0.46cvss 8.1epss 0.00

    Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.http_mods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it.

  • CVE-2024-52811HigNov 25, 2024
    risk 0.46cvss 8.2epss 0.01

    The ngtcp2 project is an effort to implement IETF QUIC protocol in C. In affected versions acks are not validated before being written to the qlog leading to a buffer overflow. In `ngtcp2_conn::conn_recv_pkt` for an ACK, there was new logic that got added to skip `conn_recv_ack`…

  • CVE-2026-41527MedApr 21, 2026
    risk 0.45cvss 6.9epss 0.00

    KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism (KUniqueService) for ensuring that only one instance is running.

  • CVE-2026-20171MedMay 20, 2026
    risk 0.44cvss 6.8epss 0.00

    A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to trigger BGP peer flaps, resulting in a…

  • CVE-2026-48844HigMay 25, 2026
    risk 0.42cvss 7.5epss 0.00

    Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. (Support for code evaluation has been removed in 1.6.16 and 1.7.1.)

  • CVE-2026-38361HigMay 8, 2026
    risk 0.42cvss 7.5epss 0.03

    Multiple unauthenticated denial-of-service (DoS) issues in fohrloop dash-uploader v0.1.0 through v0.7.0a2. The chunked-upload handler (dash_uploader/httprequesthandler.py, dash_uploader/upload.py) trusts unsanitized, attacker-controlled upload parameters (e.g. flowTotalChunks)…

  • CVE-2026-34946HigApr 9, 2026
    risk 0.42cvss 7.5epss 0.00

    Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a vulnerability where the compilation of the table.fill instruction can result in a host panic. This means that a valid guest can be compiled with Winch,…

  • CVE-2025-58136HigApr 2, 2026
    risk 0.42cvss 7.5epss 0.01

    A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12. Users are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the issue. A workaround for older…