CWE-704 · Incorrect Type Conversion or Cast
269 CVEs classified under CWE-704 (Incorrect Type Conversion or Cast). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-41648 | Critical | 9.8 | 2025-07-01 | An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available se… |
CVE-2025-41646 | Critical | 9.8 | 2025-06-06 | An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full com… |
CVE-2024-5436 | Critical | 9.8 | 2024-05-31 | Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. We recommend upgrading to version 12.88… |
CVE-2021-33318 | Critical | 9.8 | 2022-05-16 | An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (Watso… |
CVE-2020-25576 | Critical | 9.8 | 2020-09-14 | An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints. |
CVE-2020-6151 | Critical | 9.8 | 2020-09-01 | A memory corruption vulnerability exists in the TIFF handle_COMPRESSION_PACKBITS functionality of Accusoft ImageGear 19.7. A specially crafted malformed file c… |
CVE-2011-2337 | Critical | 9.8 | 2019-11-07 | A wrong type is used for a return value from strlen in WebKit in Google Chrome before Blink M12 on 64-bit platforms. |
CVE-2011-1460 | Critical | 9.8 | 2019-11-05 | WebKit in Google Chrome before Blink M11 contains a bad cast to RenderBlock when anonymous blocks are renderblocks. |
CVE-2016-7398 | Critical | 9.8 | 2019-09-06 | A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0b… |
CVE-2018-15981 | Critical | 9.8 | 2018-11-29 | Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. |
CVE-2018-12812 | Critical | 9.8 | 2018-07-20 | Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type Confusion vulnerability. S… |
CVE-2018-14403 | Critical | 9.8 | 2018-07-19 | MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms. The r… |
CVE-2018-4944 | Critical | 9.8 | 2018-05-19 | Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execu… |
CVE-2017-9183 | Critical | 9.8 | 2017-05-23 | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:309:7. |
CVE-2016-7979 | Critical | 9.8 | 2017-05-23 | Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type c… |
CVE-2023-21651 | Critical | 9.3 | 2023-08-08 | Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE. |
CVE-2026-27809 | Critical | 9.1 | 2026-02-26 | psd-tools is a Python package for working with Adobe Photoshop PSD files. Prior to version 1.12.2, when a PSD file contains malformed RLE-compressed image data… |
CVE-2025-40541 | Critical | 9.1 | 2026-02-24 | An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as… |
CVE-2025-40540 | Critical | 9.1 | 2026-02-24 | A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged accoun… |
CVE-2025-40539 | Critical | 9.1 | 2026-02-24 | A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged accoun… |