Total
492 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6418 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2025-02-05 | 6.8 MEDIUM | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-16009 | 6 Cefsharp, Debian, Fedoraproject and 3 more | 8 Cefsharp, Debian Linux, Fedora and 5 more | 2025-02-05 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30551 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2025-24129 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-01-31 | N/A | 7.5 HIGH |
| A type confusion issue was addressed with improved checks. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected app termination. | |||||
| CVE-2025-0147 | 2025-01-30 | N/A | 8.8 HIGH | ||
| Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privilege via network access. | |||||
| CVE-2020-27932 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2025-01-29 | 9.3 HIGH | 7.8 HIGH |
| A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2025-21225 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2025-01-27 | N/A | 5.9 MEDIUM |
| Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | |||||
| CVE-2023-20673 | 2 Google, Mediatek | 43 Android, Iot Yocto, Mt5696 and 40 more | 2025-01-24 | N/A | 6.7 MEDIUM |
| In vcu, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519103. | |||||
| CVE-2025-22153 | 2025-01-23 | N/A | 7.9 HIGH | ||
| RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using `try/except*`, RestrictedPython starting in version 6.0 and prior to version 8.0 could be bypassed. The issue is patched in version 8.0 of RestrictedPython by removing support for `try/except*` clauses. No known workarounds are available. | |||||
| CVE-2025-21326 | 1 Microsoft | 2 Windows Server 2022 23h2, Windows Server 2025 | 2025-01-22 | N/A | 7.8 HIGH |
| Internet Explorer Remote Code Execution Vulnerability | |||||
| CVE-2023-23557 | 1 Facebook | 1 Hermes | 2025-01-21 | N/A | 9.8 CRITICAL |
| An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2023-25933 | 1 Facebook | 1 Hermes | 2025-01-21 | N/A | 9.8 CRITICAL |
| A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2025-21356 | 1 Microsoft | 2 365 Apps, Office | 2025-01-21 | N/A | 7.8 HIGH |
| Microsoft Office Visio Remote Code Execution Vulnerability | |||||
| CVE-2024-13275 | 2025-01-14 | N/A | 5.3 MEDIUM | ||
| Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Drupal Security Kit allows HTTP DoS.This issue affects Security Kit: from 0.0.0 before 2.0.3. | |||||
| CVE-2024-13169 | 2025-01-14 | N/A | 7.8 HIGH | ||
| An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. | |||||
| CVE-2024-49119 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2025-01-14 | N/A | 8.1 HIGH |
| Windows Remote Desktop Services Remote Code Execution Vulnerability | |||||
| CVE-2023-24599 | 1 Open-xchange | 1 Ox App Suite | 2025-01-14 | N/A | 4.3 MEDIUM |
| OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion." | |||||
| CVE-2025-22151 | 2025-01-09 | N/A | 3.7 LOW | ||
| Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). The vulnerability occurs when multiple GraphQL types are mapped to the same underlying model while using the relay node interface. When querying for a specific type using the global node field (e.g., FruitType:some-id), the resolver may incorrectly return an instance of a different type mapped to the same model (e.g., SpecialFruitType). This can lead to information disclosure if the alternate type exposes sensitive fields and potential privilege escalation if the alternate type contains data intended for restricted access. This vulnerability is fixed in 0.257.0. | |||||
| CVE-2023-28162 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-01-09 | N/A | 8.8 HIGH |
| While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | |||||
| CVE-2024-38218 | 1 Microsoft | 1 Edge Chromium | 2025-01-08 | N/A | 8.4 HIGH |
| Microsoft Edge (HTML-based) Memory Corruption Vulnerability | |||||