Total
659 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21056 | 1 Google | 1 Android | 2025-02-21 | N/A | 6.7 MEDIUM |
| In lwis_slc_buffer_free of lwis_device_slc.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-245300559References: N/A | |||||
| CVE-2024-11346 | 2025-02-13 | N/A | 7.3 HIGH | ||
| : Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Resource Injection.This issue affects CX, XC, CS, et. Al.: from 001.001:0 through 081.231, from *.*.P001 through *.*.P233, from *.*.P001 through *.*.P759, from *.*.P001 through *.*.P836. | |||||
| CVE-2024-11344 | 2025-02-13 | N/A | 7.3 HIGH | ||
| A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. | |||||
| CVE-2025-21279 | 1 Microsoft | 1 Edge Chromium | 2025-02-11 | N/A | 6.5 MEDIUM |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2025-21342 | 1 Microsoft | 1 Edge Chromium | 2025-02-11 | N/A | 8.8 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2021-46878 | 1 Treasuredata | 1 Fluent Bit | 2025-02-11 | N/A | 7.8 HIGH |
| An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flb_pack_msgpack_to_json_format leads to type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially craft file and trick the victim opening it using the affect software, triggering use-after-free and execute arbitrary code on the target system. | |||||
| CVE-2025-21408 | 1 Microsoft | 1 Edge Chromium | 2025-02-11 | N/A | 8.8 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2023-26063 | 1 Lexmark | 217 6500e, B2236, B2338 and 214 more | 2025-02-11 | N/A | 9.8 CRITICAL |
| Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type. | |||||
| CVE-2025-0291 | 1 Google | 1 Chrome | 2025-02-11 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-12692 | 1 Google | 1 Chrome | 2025-02-11 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2021-33970 | 1 Browser.360 | 1 Chrome | 2025-02-05 | N/A | 10.0 CRITICAL |
| Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate priveleges. | |||||
| CVE-2025-21225 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2025-01-27 | N/A | 5.9 MEDIUM |
| Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | |||||
| CVE-2023-20673 | 2 Google, Mediatek | 43 Android, Iot Yocto, Mt5696 and 40 more | 2025-01-24 | N/A | 6.7 MEDIUM |
| In vcu, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519103. | |||||
| CVE-2025-22153 | 2025-01-23 | N/A | 7.9 HIGH | ||
| RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using `try/except*`, RestrictedPython starting in version 6.0 and prior to version 8.0 could be bypassed. The issue is patched in version 8.0 of RestrictedPython by removing support for `try/except*` clauses. No known workarounds are available. | |||||
| CVE-2025-21326 | 1 Microsoft | 2 Windows Server 2022 23h2, Windows Server 2025 | 2025-01-22 | N/A | 7.8 HIGH |
| Internet Explorer Remote Code Execution Vulnerability | |||||
| CVE-2023-23557 | 1 Facebook | 1 Hermes | 2025-01-21 | N/A | 9.8 CRITICAL |
| An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2023-25933 | 1 Facebook | 1 Hermes | 2025-01-21 | N/A | 9.8 CRITICAL |
| A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2024-49119 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2025-01-14 | N/A | 8.1 HIGH |
| Windows Remote Desktop Services Remote Code Execution Vulnerability | |||||
| CVE-2023-24599 | 1 Open-xchange | 1 Ox App Suite | 2025-01-14 | N/A | 4.3 MEDIUM |
| OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion." | |||||
| CVE-2025-22151 | 2025-01-09 | N/A | 3.7 LOW | ||
| Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). The vulnerability occurs when multiple GraphQL types are mapped to the same underlying model while using the relay node interface. When querying for a specific type using the global node field (e.g., FruitType:some-id), the resolver may incorrectly return an instance of a different type mapped to the same model (e.g., SpecialFruitType). This can lead to information disclosure if the alternate type exposes sensitive fields and potential privilege escalation if the alternate type contains data intended for restricted access. This vulnerability is fixed in 0.257.0. | |||||