Total
621 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8011 | 2025-07-25 | N/A | 8.8 HIGH | ||
| Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-8010 | 2025-07-25 | N/A | 8.8 HIGH | ||
| Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-32919 | 1 Google | 1 Android | 2025-07-22 | N/A | 7.8 HIGH |
| In lwis_add_completion_fence of lwis_fence.c, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-32922 | 1 Google | 1 Android | 2025-07-22 | N/A | 7.4 HIGH |
| In gpu_pm_power_on_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a logic error in the code. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-5436 | 1 Snap | 1 Snapchat Lenscore | 2025-07-22 | N/A | 9.8 CRITICAL |
| Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. We recommend upgrading to version 12.88 or above. | |||||
| CVE-2025-7230 | 2025-07-22 | N/A | 7.8 HIGH | ||
| INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25723. | |||||
| CVE-2024-5271 | 2025-07-18 | N/A | 7.8 HIGH | ||
| Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a type confusion, which could result in arbitrary code execution. | |||||
| CVE-2025-49702 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-16 | N/A | 7.8 HIGH |
| Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-6554 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-07-16 | N/A | 8.1 HIGH |
| Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-48815 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-15 | N/A | 7.8 HIGH |
| Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-7424 | 2025-07-15 | N/A | 7.8 HIGH | ||
| A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior. | |||||
| CVE-2024-12834 | 1 Deltaww | 1 Drasimucad | 2025-07-11 | N/A | 7.8 HIGH |
| Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of STP files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22414. | |||||
| CVE-2024-12836 | 1 Deltaww | 1 Drasimucad | 2025-07-11 | N/A | 7.8 HIGH |
| Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of STP files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22450. | |||||
| CVE-2024-13169 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.8 HIGH |
| An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. | |||||
| CVE-2025-2197 | 1 Honor | 1 Baidu | 2025-07-11 | N/A | 4.3 MEDIUM |
| Browser is affected by type confusion vulnerability, successful exploitation of this vulnerability may affect service availability. | |||||
| CVE-2025-29791 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-09 | N/A | 7.8 HIGH |
| Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-25000 | 1 Microsoft | 1 Edge Chromium | 2025-07-09 | N/A | 8.8 HIGH |
| Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-47167 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-09 | N/A | 8.4 HIGH |
| Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-49713 | 1 Microsoft | 1 Edge Chromium | 2025-07-08 | N/A | 8.8 HIGH |
| Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-7259 | 2025-07-08 | N/A | 6.5 MEDIUM | ||
| An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version 8.1.0. | |||||