CWE-843
AllowedAccess of Resource Using Incompatible Type ('Type Confusion')
Abstraction: Base · Status: Incomplete
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
1041 vulnerabilities reference this CWE, most recent first.
GHSA-67R8-GW6W-6PF6
Vulnerability from github – Published: 2026-02-10 18:30 – Updated: 2026-02-10 18:30After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2026-21330"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-10T18:16:30Z",
"severity": "HIGH"
},
"details": "After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-67r8-gw6w-6pf6",
"modified": "2026-02-10T18:30:42Z",
"published": "2026-02-10T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21330"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/after_effects/apsb26-15.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-68MP-7F78-5JFG
Vulnerability from github – Published: 2025-02-07 03:32 – Updated: 2025-02-07 03:32Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2025-21342"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-06T23:15:09Z",
"severity": "HIGH"
},
"details": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability",
"id": "GHSA-68mp-7f78-5jfg",
"modified": "2025-02-07T03:32:02Z",
"published": "2025-02-07T03:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21342"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21342"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6C8C-RR66-RV67
Vulnerability from github – Published: 2022-05-25 00:00 – Updated: 2022-06-08 00:00Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2021-32965"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-24T18:15:00Z",
"severity": "HIGH"
},
"details": "Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code.",
"id": "GHSA-6c8c-rr66-rv67",
"modified": "2022-06-08T00:00:31Z",
"published": "2022-05-25T00:00:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32965"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-05"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6F98-C25W-H5R6
Vulnerability from github – Published: 2022-03-19 00:00 – Updated: 2022-03-25 00:00A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges.
{
"affected": [],
"aliases": [
"CVE-2022-22661"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-18T18:15:00Z",
"severity": "HIGH"
},
"details": "A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges.",
"id": "GHSA-6f98-c25w-h5r6",
"modified": "2022-03-25T00:00:43Z",
"published": "2022-03-19T00:00:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22661"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213183"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213184"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213185"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6G47-63MV-QPGH
Vulnerability from github – Published: 2021-11-08 17:55 – Updated: 2021-11-04 17:01This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "dotty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.1.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-23624"
],
"database_specific": {
"cwe_ids": [
"CWE-1321",
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-04T17:01:59Z",
"nvd_published_at": "2021-11-03T18:15:00Z",
"severity": "MODERATE"
},
"details": "This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays.",
"id": "GHSA-6g47-63mv-qpgh",
"modified": "2021-11-04T17:01:59Z",
"published": "2021-11-08T17:55:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23624"
},
{
"type": "WEB",
"url": "https://github.com/deoxxa/dotty/commit/88f61860dcc274a07a263c32cbe9d44c24ef02d7"
},
{
"type": "PACKAGE",
"url": "https://github.com/deoxxa/dotty"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-DOTTY-1577292"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Prototype Pollution in dotty"
}
GHSA-6GFG-HH9C-WX87
Vulnerability from github – Published: 2026-07-14 21:32 – Updated: 2026-07-14 21:32Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-15776"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T21:16:43Z",
"severity": "HIGH"
},
"details": "Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-6gfg-hh9c-wx87",
"modified": "2026-07-14T21:32:21Z",
"published": "2026-07-14T21:32:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-15776"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/07/stable-channel-update-for-desktop_0353146366.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/532595489"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6GJP-59MG-98GH
Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-09 18:30Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
{
"affected": [],
"aliases": [
"CVE-2026-45456"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T17:17:19Z",
"severity": "HIGH"
},
"details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Microsoft Office allows an unauthorized attacker to execute code locally.",
"id": "GHSA-6gjp-59mg-98gh",
"modified": "2026-06-09T18:30:48Z",
"published": "2026-06-09T18:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45456"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45456"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6H5C-V3RW-8HGM
Vulnerability from github – Published: 2025-11-18 00:30 – Updated: 2025-11-18 03:31Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2025-13229"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-18T00:15:48Z",
"severity": "HIGH"
},
"details": "Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-6h5c-v3rw-8hgm",
"modified": "2025-11-18T03:31:14Z",
"published": "2025-11-18T00:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13229"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/446113731"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6HXW-8GP8-W9XM
Vulnerability from github – Published: 2025-06-08 12:30 – Updated: 2025-06-08 12:30in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.
{
"affected": [],
"aliases": [
"CVE-2025-21082"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-08T12:15:21Z",
"severity": "LOW"
},
"details": "in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.",
"id": "GHSA-6hxw-8gp8-w9xm",
"modified": "2025-06-08T12:30:32Z",
"published": "2025-06-08T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21082"
},
{
"type": "WEB",
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-06.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-6JMV-JQHJ-CG68
Vulnerability from github – Published: 2022-11-02 12:00 – Updated: 2025-10-22 00:32Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)
{
"affected": [],
"aliases": [
"CVE-2022-3723"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-01T23:15:00Z",
"severity": "HIGH"
},
"details": "Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)",
"id": "GHSA-6jmv-jqhj-cg68",
"modified": "2025-10-22T00:32:37Z",
"published": "2022-11-02T12:00:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3723"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1378239"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-10"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-3723"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.