VYPR

CWE-705

Incorrect Control Flow Scoping

ClassIncomplete

Description

The product does not properly return control flow to the proper location after it has completed a task or detected an unusual condition.

Hierarchy (View 1000)

CVEs mapped to this weakness (5)

  • CVE-2025-9848HigSep 3, 2025
    risk 0.47cvss 7.3epss 0.01

    A security vulnerability has been detected in ScriptAndTools Real Estate Management System 1.0. The affected element is an unknown function of the file /admin/userlist.php. Such manipulation leads to execution after redirect. The attack can be executed remotely. The exploit has…

  • CVE-2026-10271MedJun 1, 2026
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The affected element is an unknown function of the file admin/ of the component Admin Endpoint. This manipulation of the argument uid causes execution after redirect. It is…

  • CVE-2026-3264MedFeb 26, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was determined in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. Affected by this issue is some unknown functionality of the component Administrative Interface. Executing a manipulation can lead to execution after redirect. The attack can be…

  • CVE-2026-3262MedFeb 26, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected is an unknown function of the component Administrative Interface. Such manipulation leads to execution after redirect. The attack may be launched remotely. The…

  • CVE-2026-3449LowMar 3, 2026
    risk 0.14cvss 3.3epss 0.00

    Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to…