Total
632 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-29079 | 2026-03-13 | N/A | N/A | ||
| Lexbor is a web browser engine library. Prior to 2.7.0, a type‑confusion vulnerability exists in Lexbor’s HTML fragment parser. When ns = UNDEF, a comment is created using the “unknown element” constructor. The comment’s data are written into the element’s fields via an unsafe cast, corrupting the qualified_name field. That corrupted value is later used as a pointer and dereferenced near the zero page. This vulnerability is fixed in 2.7.0. | |||||
| CVE-2026-26110 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-03-13 | N/A | 8.4 HIGH |
| Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2024-23222 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-03-12 | N/A | 8.8 HIGH |
| A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited. | |||||
| CVE-2026-2796 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-27 | N/A | 9.8 CRITICAL |
| JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | |||||
| CVE-2026-2783 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-26 | N/A | 7.5 HIGH |
| Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | |||||
| CVE-2025-41738 | 1 Codesys | 17 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 14 more | 2026-02-23 | N/A | 7.5 HIGH |
| An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition. | |||||
| CVE-2023-4194 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2026-02-18 | N/A | 5.5 MEDIUM |
| A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate. | |||||
| CVE-2025-14799 | 2026-02-18 | N/A | 6.5 MEDIUM | ||
| The Brevo - Email, SMS, Web Push, Chat, and more. plugin for WordPress is vulnerable to authorization bypass due to type juggling in all versions up to, and including, 3.3.0. This is due to the use of loose comparison (==) instead of strict comparison (===) when validating the installation ID in the `/wp-json/mailin/v1/mailin_disconnect` REST API endpoint. This makes it possible for unauthenticated attackers to disconnect the Brevo integration, delete the API key, remove all subscription forms, and reset plugin settings by sending a boolean `true` value for the `id` parameter, which bypasses the authorization check through PHP type juggling. | |||||
| CVE-2023-31323 | 2026-02-13 | N/A | N/A | ||
| Type confusion in the AMD Secure Processor (ASP) could allow an attacker to pass a malformed argument to the External Global Memory Interconnect Trusted Agent (XGMI TA) leading to a memory safety violation potentially resulting in loss of confidentiality, integrity, or availability. | |||||
| CVE-2026-25537 | 1 Keats | 1 Jsonwebtoken | 2026-02-11 | N/A | 7.5 HIGH |
| jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim (such as nbf or exp) is provided with an incorrect JSON type (Like a String instead of a Number), the library’s internal parsing mechanism marks the claim as “FailedToParse”. Crucially, the validation logic treats this “FailedToParse” state identically to “NotPresent”. This means that if a check is enabled (like: validate_nbf = true), but the claim is not explicitly marked as required in required_spec_claims, the library will skip the validation check entirely for the malformed claim, treating it as if it were not there. This allows attackers to bypass critical time-based security restrictions (like “Not Before” checks) and commit potential authentication and authorization bypasses. This issue has been patched in version 10.3.0. | |||||
| CVE-2026-1862 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-11 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-21330 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2026-02-11 | N/A | 7.8 HIGH |
| After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-21519 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-02-11 | N/A | 7.8 HIGH |
| Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-24914 | 1 Huawei | 1 Harmonyos | 2026-02-10 | N/A | 4.0 MEDIUM |
| Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2026-25503 | 1 Color | 1 Iccdev | 2026-02-10 | N/A | 7.1 HIGH |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, type confusion allowed malformed ICC profiles to trigger undefined behavior when loading invalid icImageEncodingType values causing denial of service. This issue has been patched in version 2.3.1.2. | |||||
| CVE-2025-12899 | 2026-02-04 | N/A | 6.5 MEDIUM | ||
| A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem. | |||||
| CVE-2025-29867 | 2026-02-04 | N/A | N/A | ||
| Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects Hancom Office 2018: before 10.0.0.12681; Hancom Office 2020: before 11.0.0.8916; Hancom Office 2022: before 12.0.0.4426; Hancom Office 2024: before 13.0.0.3050. | |||||
| CVE-2025-65080 | 2026-02-04 | N/A | N/A | ||
| A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user. | |||||
| CVE-2026-21854 | 1 Tarkov | 1 Tarkov Data Manager | 2026-02-03 | N/A | 9.8 CRITICAL |
| The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, an authentication bypass vulnerability in the login endpoint allows any unauthenticated user to gain full admin access to the Tarkov Data Manager admin panel by exploiting a JavaScript prototype property access vulnerability, combined with loose equality type coercion. A series of fix commits on 02 January 2025 fixed this and other vulnerabilities. | |||||
| CVE-2025-48756 | 1 Crates | 1 Scsir | 2026-01-30 | N/A | 2.9 LOW |
| In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits (e.g., 5 bits) for group number. | |||||