VYPR

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

BaseIncomplete

Description

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (269)

page 7 of 14
  • CVE-2025-29867HigFeb 4, 2026
    risk 0.55cvss epss 0.00

    Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects Hancom Office 2018:…

  • CVE-2025-62554HigDec 9, 2025
    risk 0.55cvss 8.4epss 0.00

    Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2025-47167HigJun 10, 2025
    risk 0.55cvss 8.4epss 0.01

    Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-7914HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Type Confusion in Accessibility in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-6119HigSep 3, 2024
    risk 0.54cvss 7.5epss 0.67

    Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can…

  • CVE-2026-45635HigJun 9, 2026
    risk 0.53cvss 8.1epss 0.01

    Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.

  • CVE-2024-34394HigMay 2, 2024
    risk 0.53cvss 8.1epss 0.01

    libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes XmlNode::get_local_namespaces()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of…

  • CVE-2024-34393HigMay 2, 2024
    risk 0.53cvss 8.1epss 0.01

    libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems),…

  • CVE-2025-24137HigJan 27, 2025
    risk 0.52cvss 8.0epss 0.01

    A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3. An attacker on the local network may corrupt process memory.

  • CVE-2026-45600HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

  • CVE-2026-44817HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  • CVE-2026-35417HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

  • CVE-2026-34344HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-27298HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in…

  • CVE-2026-26162HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally.

  • CVE-2026-5496HigApr 11, 2026
    risk 0.51cvss 7.8epss 0.00

    Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this…

  • CVE-2025-66586HigDec 11, 2025
    risk 0.51cvss 7.8epss 0.00

    In AzeoTech DAQFactory release 20.7 (Build 2555), an access of resource using incompatible type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current…

  • CVE-2025-49702HigJul 8, 2025
    risk 0.51cvss 7.8epss 0.01

    Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2025-24213HigMar 31, 2025
    risk 0.51cvss 7.8epss 0.00

    This issue was addressed with improved handling of floats. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A type confusion issue could lead to memory corruption.

  • CVE-2024-3298HigApr 4, 2024
    risk 0.51cvss 7.8epss 0.00

    Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or…