CWE-843 · Access of Resource Using Incompatible Type (Type Confusion)
803 CVEs classified under CWE-843 (Access of Resource Using Incompatible Type (Type Confusion)). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-33970 | Critical | 10.0 | 2023-04-19 | Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate priveleges. |
CVE-2023-22579 | Critical | 9.9 | 2023-02-16 | Due to improper parameter filtering in the sequalize js library, can a attacker peform injection. |
CVE-2026-43038 | Critical | 9.8 | 2026-05-01 | In the Linux kernel, the following vulnerability has been resolved: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() Sashiko AI-review observed: … |
CVE-2026-43037 | Critical | 9.8 | 2026-05-01 | In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() Oskar Kjos reported the following problem. … |
CVE-2025-70023 | Critical | 9.8 | 2026-04-14 | An issue pertaining to CWE-843: Access of Resource Using Incompatible Type was discovered in transloadit uppy v0.25.6. |
CVE-2026-33937 | Critical | 9.8 | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `Handlebars.compile()` accepts a pre-parsed AST… |
CVE-2026-4702 | Critical | 9.8 | 2026-03-24 | JIT miscompilation in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. |
CVE-2026-4698 | Critical | 9.8 | 2026-03-24 | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149… |
CVE-2026-2796 | Critical | 9.8 | 2026-02-24 | JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. |
CVE-2026-21854 | Critical | 9.8 | 2026-01-07 | The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, an authentication bypass vulnerability in the login endpoint allows… |
CVE-2025-65570 | Critical | 9.8 | 2025-12-29 | A type confusion in jsish 2.0 allows incorrect control flow during execution of the OP_NEXT opcode. When an “instanceof” expression uses an array element acces… |
CVE-2025-14330 | Critical | 9.8 | 2025-12-09 | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 14… |
CVE-2025-47151 | Critical | 9.8 | 2025-11-05 | A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML res… |
CVE-2025-10585 | Critical | 9.8 | 2025-09-24 | Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromi… |
CVE-2025-22435 | Critical | 9.8 | 2025-09-02 | In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no a… |
CVE-2024-43498 | Critical | 9.8 | 2024-11-12 | .NET and Visual Studio Remote Code Execution Vulnerability |
CVE-2024-7825 | Critical | 9.8 | 2024-10-03 | Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll m… |
CVE-2024-7824 | Critical | 9.8 | 2024-10-03 | Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll m… |
CVE-2024-8385 | Critical | 9.8 | 2024-09-03 | A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability af… |
CVE-2024-8381 | Critical | 9.8 | 2024-09-03 | A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerabili… |