CWE-704 · Incorrect Type Conversion or Cast

269 CVEs classified under CWE-704 (Incorrect Type Conversion or Cast). Browse by severity and year.

Top CVEs for CWE-704
CVESeverityScorePublishedSummary
CVE-2025-41648Critical9.82025-07-01An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available se…
CVE-2025-41646Critical9.82025-06-06An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full com…
CVE-2024-5436Critical9.82024-05-31Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. We recommend upgrading to version 12.88…
CVE-2021-33318Critical9.82022-05-16An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (Watso…
CVE-2020-25576Critical9.82020-09-14An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints.
CVE-2020-6151Critical9.82020-09-01A memory corruption vulnerability exists in the TIFF handle_COMPRESSION_PACKBITS functionality of Accusoft ImageGear 19.7. A specially crafted malformed file c…
CVE-2011-2337Critical9.82019-11-07A wrong type is used for a return value from strlen in WebKit in Google Chrome before Blink M12 on 64-bit platforms.
CVE-2011-1460Critical9.82019-11-05WebKit in Google Chrome before Blink M11 contains a bad cast to RenderBlock when anonymous blocks are renderblocks.
CVE-2016-7398Critical9.82019-09-06A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0b…
CVE-2018-15981Critical9.82018-11-29Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2018-12812Critical9.82018-07-20Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type Confusion vulnerability. S…
CVE-2018-14403Critical9.82018-07-19MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms. The r…
CVE-2018-4944Critical9.82018-05-19Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execu…
CVE-2017-9183Critical9.82017-05-23libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:309:7.
CVE-2016-7979Critical9.82017-05-23Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type c…
CVE-2023-21651Critical9.32023-08-08Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.
CVE-2026-27809Critical9.12026-02-26psd-tools is a Python package for working with Adobe Photoshop PSD files. Prior to version 1.12.2, when a PSD file contains malformed RLE-compressed image data…
CVE-2025-40541Critical9.12026-02-24An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as…
CVE-2025-40540Critical9.12026-02-24A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged accoun…
CVE-2025-40539Critical9.12026-02-24A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged accoun…