VYPR

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

BaseIncomplete

Description

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (269)

page 12 of 14
  • CVE-2025-61911Oct 10, 2025
    risk 0.00cvss epss 0.00

    python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method `ldap.filter.escape_filter_chars` can be tricked to skip escaping of special characters when a crafted `list` or `dict` is supplied as the…

  • CVE-2025-59717Sep 19, 2025
    risk 0.00cvss epss 0.00

    In the @digitalocean/do-markdownit package through 1.16.1 (in npm), the callout and fence_environment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string (instead of an array).

  • CVE-2025-48756May 24, 2025
    risk 0.00cvss epss 0.00

    In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits (e.g., 5 bits) for group number.

  • CVE-2024-56522Dec 27, 2024
    risk 0.00cvss epss 0.01

    An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.

  • CVE-2024-47804Oct 2, 2024
    risk 0.00cvss epss 0.01

    If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates…

  • CVE-2024-34392May 2, 2024
    risk 0.00cvss epss 0.01

    libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes _wrap__xmlNode_nsDef_get()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service…

  • CVE-2024-34391May 2, 2024
    risk 0.00cvss epss 0.01

    libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data…

  • CVE-2024-30266Apr 4, 2024
    risk 0.00cvss epss 0.00

    wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this…

  • CVE-2023-22579Feb 16, 2023
    risk 0.00cvss epss 0.01

    Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.

  • CVE-2022-29209May 20, 2022
    risk 0.00cvss epss 0.00

    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `int` values. Due to type…

  • CVE-2022-29181May 20, 2022
    risk 0.00cvss epss 0.03

    Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated…

  • CVE-2022-1176Mar 31, 2022
    risk 0.00cvss epss 0.01

    Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96.

  • CVE-2021-46743Mar 29, 2022
    risk 0.00cvss epss 0.01

    In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a…

  • CVE-2021-26600Mar 28, 2022
    risk 0.00cvss epss 0.06

    ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==).

  • CVE-2022-23583Feb 4, 2022
    risk 0.00cvss epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such…

  • CVE-2022-21734Feb 3, 2022
    risk 0.00cvss epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is vulnerable a `CHECK`-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and…

  • CVE-2022-21731Feb 3, 2022
    risk 0.00cvss epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ConcatV2` can be used to trigger a denial of service attack via a segfault caused by a type confusion. The `axis` argument is translated into `concat_dim` in the…

  • CVE-2021-24044Jan 15, 2022
    risk 0.00cvss epss 0.01

    By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in segmentation fault as a consequence of type…

  • CVE-2021-41190Nov 17, 2021
    risk 0.00cvss epss 0.02

    The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull…

  • CVE-2021-23472Nov 3, 2021
    risk 0.00cvss epss 0.02

    This affects versions before 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array (instead of a string) even if the escape attribute is set.