Common Weakness Enumeration

CWE-843

Allowed

Access of Resource Using Incompatible Type ('Type Confusion')

Abstraction: Base · Status: Incomplete

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

1041 vulnerabilities reference this CWE, most recent first.

GHSA-67R8-GW6W-6PF6

Vulnerability from github – Published: 2026-02-10 18:30 – Updated: 2026-02-10 18:30
VLAI
Details

After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-21330"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-10T18:16:30Z",
    "severity": "HIGH"
  },
  "details": "After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-67r8-gw6w-6pf6",
  "modified": "2026-02-10T18:30:42Z",
  "published": "2026-02-10T18:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21330"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/after_effects/apsb26-15.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-68MP-7F78-5JFG

Vulnerability from github – Published: 2025-02-07 03:32 – Updated: 2025-02-07 03:32
VLAI
Details

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21342"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-06T23:15:09Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability",
  "id": "GHSA-68mp-7f78-5jfg",
  "modified": "2025-02-07T03:32:02Z",
  "published": "2025-02-07T03:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21342"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21342"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6C8C-RR66-RV67

Vulnerability from github – Published: 2022-05-25 00:00 – Updated: 2022-06-08 00:00
VLAI
Details

Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-32965"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-24T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code.",
  "id": "GHSA-6c8c-rr66-rv67",
  "modified": "2022-06-08T00:00:31Z",
  "published": "2022-05-25T00:00:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32965"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-05"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6F98-C25W-H5R6

Vulnerability from github – Published: 2022-03-19 00:00 – Updated: 2022-03-25 00:00
VLAI
Details

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22661"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-18T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges.",
  "id": "GHSA-6f98-c25w-h5r6",
  "modified": "2022-03-25T00:00:43Z",
  "published": "2022-03-19T00:00:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22661"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213183"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213184"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213185"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6G47-63MV-QPGH

Vulnerability from github – Published: 2021-11-08 17:55 – Updated: 2021-11-04 17:01
VLAI
Summary
Prototype Pollution in dotty
Details

This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "dotty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-23624"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-843"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-11-04T17:01:59Z",
    "nvd_published_at": "2021-11-03T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays.",
  "id": "GHSA-6g47-63mv-qpgh",
  "modified": "2021-11-04T17:01:59Z",
  "published": "2021-11-08T17:55:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23624"
    },
    {
      "type": "WEB",
      "url": "https://github.com/deoxxa/dotty/commit/88f61860dcc274a07a263c32cbe9d44c24ef02d7"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/deoxxa/dotty"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-DOTTY-1577292"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Prototype Pollution in dotty"
}

GHSA-6GFG-HH9C-WX87

Vulnerability from github – Published: 2026-07-14 21:32 – Updated: 2026-07-14 21:32
VLAI
Details

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-15776"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T21:16:43Z",
    "severity": "HIGH"
  },
  "details": "Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-6gfg-hh9c-wx87",
  "modified": "2026-07-14T21:32:21Z",
  "published": "2026-07-14T21:32:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-15776"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/07/stable-channel-update-for-desktop_0353146366.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/532595489"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6GJP-59MG-98GH

Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-09 18:30
VLAI
Details

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-45456"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T17:17:19Z",
    "severity": "HIGH"
  },
  "details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Microsoft Office allows an unauthorized attacker to execute code locally.",
  "id": "GHSA-6gjp-59mg-98gh",
  "modified": "2026-06-09T18:30:48Z",
  "published": "2026-06-09T18:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45456"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45456"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6H5C-V3RW-8HGM

Vulnerability from github – Published: 2025-11-18 00:30 – Updated: 2025-11-18 03:31
VLAI
Details

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13229"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-18T00:15:48Z",
    "severity": "HIGH"
  },
  "details": "Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-6h5c-v3rw-8hgm",
  "modified": "2025-11-18T03:31:14Z",
  "published": "2025-11-18T00:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13229"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/446113731"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6HXW-8GP8-W9XM

Vulnerability from github – Published: 2025-06-08 12:30 – Updated: 2025-06-08 12:30
VLAI
Details

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21082"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-08T12:15:21Z",
    "severity": "LOW"
  },
  "details": "in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.",
  "id": "GHSA-6hxw-8gp8-w9xm",
  "modified": "2025-06-08T12:30:32Z",
  "published": "2025-06-08T12:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21082"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-06.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6JMV-JQHJ-CG68

Vulnerability from github – Published: 2022-11-02 12:00 – Updated: 2025-10-22 00:32
VLAI
Details

Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3723"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-01T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)",
  "id": "GHSA-6jmv-jqhj-cg68",
  "modified": "2025-10-22T00:32:37Z",
  "published": "2022-11-02T12:00:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3723"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1378239"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-10"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-3723"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.