CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

Parent: CWE-704 - Incorrect Type Conversion or Cast

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

788 vulnerabilities with CWE-843
CVE-2025-26496 CRITICAL
Tableau Server < 2023.3.19 - Local Code Inclusion via Type Confusion
CVSS 9.3
CVE-2025-53739 HIGH
Microsoft Office Excel - Code Injection
CVSS 7.8
CVE-2025-53726 HIGH
Windows Push Notifications - Privilege Escalation
CVSS 7.8
CVE-2025-53725 HIGH
Windows Push Notifications - Privilege Escalation
CVSS 7.8
CVE-2025-53724 HIGH
Windows Push Notifications - Privilege Escalation
CVSS 7.8
CVE-2025-53145 HIGH
Windows 10 1507-24H2 and Windows Server 2008 - Remote Code Execution via Message Queuing Type Confusion
CVSS 8.8
CVE-2025-53144 HIGH
Windows 10 1507-24H2 and Windows Server 2008 - Remote Code Execution via Type Confusion in Message Queuing
CVSS 8.8
CVE-2025-53143 HIGH
Windows 10 1507-24H2 and Windows Server 2008 - Remote Code Execution via Message Queuing Type Confusion
CVSS 8.8
CVE-2025-50176 HIGH
Windows 11/Server 2022/2025 Local Code Execution via Graphics Kernel Type Confusion
CVSS 7.8
CVE-2025-50168 HIGH
Windows Win32K - ICOMP - Privilege Escalation
CVSS 7.8
CVE-2025-50155 HIGH
Windows Push Notifications - Privilege Escalation
CVSS 7.8
CVE-2025-27536 LOW
OpenHarmony < 5.0.3 - Denial of Service via Type Confusion
CVSS 3.3
CVE-2025-55137 HIGH
LinkJoin <882f196 - Info Disclosure
CVSS 7.4
CVE-2025-54649 MEDIUM
HarmonyOS - Type Confusion in Location Service
CVSS 4.5
CVE-2025-8011 HIGH
Google Chrome < 138.0.7204.168 - Type Confusion in V8 via Crafted HTML Page
CVSS 8.8
CVE-2025-8010 HIGH
Google Chrome < 138.0.7204.168 - Type Confusion in V8 via Crafted HTML Page
CVSS 8.8
CVE-2025-7230 HIGH
INVT VT-Designer - Remote Code Execution via PM3 File Parsing Type Confusion
CVSS 7.8
CVE-2025-7424 HIGH
libxslt - Type Confusion via psvi Memory Field Reuse
CVSS 7.5
CVE-2025-49702 HIGH
Microsoft 365 Apps and Office - Remote Code Execution via Type Confusion
CVSS 7.8
CVE-2025-48815 HIGH
Windows SSDP Service - Privilege Escalation
CVSS 7.8
CVE-2025-7259 MEDIUM
MongoDB 8.1.0 - Authenticated Denial of Service via Duplicate _id Query
CVSS 6.5
CVE-2025-49713 HIGH
Microsoft Edge Chromium < 138.0.3351.65 - Remote Code Execution via Type Confusion
CVSS 8.8
CVE-2025-6554 HIGH KEV
Google Chrome < 138.0.7204.96 - Type Confusion in V8
CVSS 8.1
CVE-2025-5959 HIGH
Google Chrome < 137.0.7151.103 - Remote Code Execution via V8 Type Confusion
CVSS 8.8
CVE-2025-47167 HIGH
Microsoft 365 Apps and Office - Remote Code Execution via Type Confusion
CVSS 8.4
Details
Vulnerabilities 788
Links
MITRE CWE Entry Search this CWE With Exploits