Total
706 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53143 | 1 Microsoft | 21 Windows, Windows 10, Windows 10 1507 and 18 more | 2025-09-17 | 8.8 High |
| Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-50176 | 1 Microsoft | 11 Directx, Server, Windows and 8 more | 2025-09-17 | 7.8 High |
| Access of resource using incompatible type ('type confusion') in Graphics Kernel allows an authorized attacker to execute code locally. | ||||
| CVE-2025-50168 | 1 Microsoft | 11 Server, Windows, Windows 11 and 8 more | 2025-09-17 | 7.8 High |
| Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-43355 | 1 Apple | 10 Ios, Ipados, Iphone Os and 7 more | 2025-09-17 | 5.5 Medium |
| A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to cause a denial-of-service. | ||||
| CVE-2025-43297 | 1 Apple | 1 Macos | 2025-09-17 | 6.2 Medium |
| A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26. An app may be able to cause a denial-of-service. | ||||
| CVE-2024-4947 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-09-15 | 9.6 Critical |
| Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-30397 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-09-10 | 7.5 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-30383 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-09-10 | 7.8 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-30375 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-09-10 | 7.8 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-21326 | 1 Microsoft | 2 Windows Server 2022 23h2, Windows Server 2025 | 2025-09-09 | 7.8 High |
| Internet Explorer Remote Code Execution Vulnerability | ||||
| CVE-2025-21225 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2025-09-09 | 5.9 Medium |
| Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | ||||
| CVE-2025-21356 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-09-09 | 7.8 High |
| Microsoft Office Visio Remote Code Execution Vulnerability | ||||
| CVE-2023-31322 | 1 Amd | 3 Radeon, Radeon Pro W7000, Radeon Rx 7000 | 2025-09-09 | 8.7 High |
| Type confusion in the ASP could allow an attacker to pass a malformed argument to the Reliability, Availability, and Serviceability trusted application (RAS TA) potentially leading to a read or write to shared memory resulting in loss of confidentiality, integrity, or availability. | ||||
| CVE-2025-22435 | 1 Google | 1 Android | 2025-09-04 | 9.8 Critical |
| In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-13275 | 1 Security Kit Project | 1 Security Kit | 2025-09-02 | 5.3 Medium |
| Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Drupal Security Kit allows HTTP DoS.This issue affects Security Kit: from 0.0.0 before 2.0.3. | ||||
| CVE-2024-30266 | 1 Bytecodealliance | 1 Wasmtime | 2025-09-02 | 3.3 Low |
| wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1. | ||||
| CVE-2023-34967 | 4 Debian, Fedoraproject, Redhat and 1 more | 7 Debian Linux, Fedora, Enterprise Linux and 4 more | 2025-08-30 | 5.3 Medium |
| A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves. | ||||
| CVE-2025-8011 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-28 | 8.8 High |
| Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-8010 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-28 | 8.8 High |
| Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-32057 | 1 Siemens | 3 Ps\/iges Parasolid Translator, Ps Iges Parasolid Translator Component, Simcenter Femap | 2025-08-27 | 7.8 High |
| A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21562) | ||||