Total
706 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0286 | 3 Openssl, Redhat, Stormshield | 13 Openssl, Enterprise Linux, Jboss Core Services and 10 more | 2025-08-27 | 7.4 High |
| There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. | ||||
| CVE-2022-41033 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-08-27 | 7.8 High |
| Windows COM+ Event System Service Elevation of Privilege Vulnerability | ||||
| CVE-2025-7424 | 2 Redhat, Xmlsoft | 4 Enterprise Linux, Openshift, Openshift Container Platform and 1 more | 2025-08-27 | 7.8 High |
| A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior. | ||||
| CVE-2025-26496 | 4 Linux, Microsoft, Salesforce and 1 more | 6 Linux, Windows, Tableau Desktop and 3 more | 2025-08-26 | 9.3 Critical |
| Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion.This issue affects Tableau Server, Tableau Desktop: before 2025.1.3, before 2024.2.12, before 2023.3.19. | ||||
| CVE-2023-42105 | 2 Ashlar, Ashlar Vellum | 2 Cobalt, Cobalt | 2025-08-25 | 7.8 High |
| Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-20562. | ||||
| CVE-2025-49702 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-08-23 | 7.8 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-48815 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-23 | 7.8 High |
| Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49713 | 1 Microsoft | 1 Edge Chromium | 2025-08-23 | 8.8 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2024-25575 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2025-08-22 | 8.8 High |
| A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | ||||
| CVE-2024-32062 | 1 Siemens | 2 Ps\/iges Parasolid Translator, Simcenter Femap | 2025-08-20 | 7.8 High |
| A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21568) | ||||
| CVE-2024-32063 | 1 Siemens | 2 Ps\/iges Parasolid Translator, Simcenter Femap | 2025-08-20 | 7.8 High |
| A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21573) | ||||
| CVE-2025-54649 | 1 Huawei | 1 Harmonyos | 2025-08-13 | 4.5 Medium |
| Vulnerability of using incompatible types to access resources in the location service. Impact: Successful exploitation of this vulnerability may cause some location information attributes to be incorrect. | ||||
| CVE-2023-51560 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-08-13 | N/A |
| Foxit PDF Reader Annotation Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22259. | ||||
| CVE-2025-27536 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2025-08-12 | 3.3 Low |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through type confusion. | ||||
| CVE-2024-30357 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2025-08-08 | N/A |
| Foxit PDF Reader AcroForm Annotation Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects in AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22818. | ||||
| CVE-2025-2015 | 1 Ashlar | 1 Cobalt | 2025-08-08 | N/A |
| Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VS files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25236. | ||||
| CVE-2023-42102 | 1 Ashlar | 1 Cobalt | 2025-08-08 | N/A |
| Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-20409. | ||||
| CVE-2025-2016 | 1 Ashlar | 1 Cobalt | 2025-08-08 | N/A |
| Ashlar-Vellum Cobalt VC6 File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25238. | ||||
| CVE-2024-13049 | 1 Ashlar | 1 Cobalt | 2025-08-08 | 7.8 High |
| Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24847. | ||||
| CVE-2024-13047 | 1 Ashlar | 1 Cobalt | 2025-08-08 | 7.8 High |
| Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24843. | ||||