Total
537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53739 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-08-15 | N/A | 7.8 HIGH |
| Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-50155 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-08-14 | N/A | 7.8 HIGH |
| Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-54649 | 1 Huawei | 1 Harmonyos | 2025-08-13 | N/A | 4.5 MEDIUM |
| Vulnerability of using incompatible types to access resources in the location service. Impact: Successful exploitation of this vulnerability may cause some location information attributes to be incorrect. | |||||
| CVE-2025-50176 | 2025-08-13 | N/A | 7.8 HIGH | ||
| Access of resource using incompatible type ('type confusion') in Graphics Kernel allows an authorized attacker to execute code locally. | |||||
| CVE-2025-53144 | 2025-08-13 | N/A | 8.8 HIGH | ||
| Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-50168 | 2025-08-13 | N/A | 7.8 HIGH | ||
| Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-53143 | 2025-08-13 | N/A | 8.8 HIGH | ||
| Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-53145 | 2025-08-13 | N/A | 8.8 HIGH | ||
| Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-53725 | 2025-08-13 | N/A | 7.8 HIGH | ||
| Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-53726 | 2025-08-13 | N/A | 7.8 HIGH | ||
| Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-53724 | 2025-08-13 | N/A | 7.8 HIGH | ||
| Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2023-51560 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-08-13 | N/A | 7.8 HIGH |
| Foxit PDF Reader Annotation Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22259. | |||||
| CVE-2025-27536 | 1 Openatom | 1 Openharmony | 2025-08-12 | N/A | 3.3 LOW |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through type confusion. | |||||
| CVE-2024-30357 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2025-08-08 | N/A | 7.8 HIGH |
| Foxit PDF Reader AcroForm Annotation Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects in AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22818. | |||||
| CVE-2025-2015 | 1 Ashlar | 1 Cobalt | 2025-08-08 | N/A | 7.8 HIGH |
| Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VS files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25236. | |||||
| CVE-2023-42102 | 1 Ashlar | 1 Cobalt | 2025-08-08 | N/A | 7.8 HIGH |
| Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-20409. | |||||
| CVE-2025-2016 | 1 Ashlar | 1 Cobalt | 2025-08-08 | N/A | 7.8 HIGH |
| Ashlar-Vellum Cobalt VC6 File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25238. | |||||
| CVE-2024-13049 | 1 Ashlar | 1 Cobalt | 2025-08-08 | N/A | 7.8 HIGH |
| Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24847. | |||||
| CVE-2024-13047 | 1 Ashlar | 1 Cobalt | 2025-08-08 | N/A | 7.8 HIGH |
| Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24843. | |||||
| CVE-2025-2022 | 1 Ashlar | 1 Cobalt | 2025-08-08 | N/A | 7.8 HIGH |
| Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VS files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25276. | |||||