Total
650 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-29806 | 1 Microsoft | 1 Edge Chromium | 2025-04-03 | 6.5 Medium |
| No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2019-11707 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2025-04-03 | 8.8 High |
| A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2. | ||||
| CVE-2024-27236 | 1 Google | 1 Android | 2025-04-03 | 8.4 High |
| In aoc_unlocked_ioctl of aoc.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-1933 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-04-03 | 7.6 High |
| On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | ||||
| CVE-2020-27932 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2025-04-02 | 7.8 High |
| A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-20461 | 1 Google | 1 Android | 2025-04-02 | 7.8 High |
| In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228602963 | ||||
| CVE-2025-21326 | 1 Microsoft | 2 Windows Server 2022 23h2, Windows Server 2025 | 2025-04-02 | 7.8 High |
| Internet Explorer Remote Code Execution Vulnerability | ||||
| CVE-2025-21225 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2025-04-02 | 5.9 Medium |
| Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | ||||
| CVE-2025-21356 | 1 Microsoft | 2 365 Apps, Office | 2025-04-02 | 7.8 High |
| Microsoft Office Visio Remote Code Execution Vulnerability | ||||
| CVE-2024-3852 | 2 Mozilla, Redhat | 7 Firefox, Thunderbird, Enterprise Linux and 4 more | 2025-04-01 | 7.5 High |
| GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. | ||||
| CVE-2023-22579 | 1 Sequelizejs | 1 Sequelize | 2025-04-01 | 9.9 Critical |
| Due to improper parameter filtering in the sequalize js library, can a attacker peform injection. | ||||
| CVE-2024-2887 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-28 | 8.1 High |
| Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-53427 | 2025-03-28 | 8.1 High | ||
| decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits). | ||||
| CVE-2022-4205 | 1 Gitlab | 1 Gitlab | 2025-03-27 | 6.3 Medium |
| In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash. | ||||
| CVE-2023-20616 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6735 and 42 more | 2025-03-26 | 6.7 Medium |
| In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07560720. | ||||
| CVE-2024-40803 | 1 Apple | 1 Macos | 2025-03-26 | 7.5 High |
| A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An attacker may be able to cause unexpected app termination. | ||||
| CVE-2024-7520 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2025-03-24 | 8.8 High |
| A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. | ||||
| CVE-2025-24137 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-03-24 | 8 High |
| A type confusion issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected application termination or arbitrary code execution. | ||||
| CVE-2019-17026 | 3 Canonical, Mozilla, Redhat | 5 Ubuntu Linux, Firefox, Thunderbird and 2 more | 2025-03-21 | 8.8 High |
| Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1. | ||||
| CVE-2023-23455 | 3 Debian, Linux, Redhat | 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more | 2025-03-20 | 5.5 Medium |
| atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | ||||