CWE-843— Access of Resource Using Incompatible Type (Type Confusion)
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.— MITRE CWE catalog
784 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-843page 14 of 16
- CVE-2025-66586HIGHCVSS 7.8EG 7.82025-12-11
In AzeoTech DAQFactory release 20.7 (Build 2555), an access of resource using incompatible type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute c…
- CVE-2025-70023CRITICALCVSS 9.8EG 9.82026-04-14
An issue pertaining to CWE-843: Access of Resource Using Incompatible Type was discovered in transloadit uppy v0.25.6.
- CVE-2025-7230HIGHCVSS 7.8EG 7.82025-07-21
INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to explo…
- CVE-2025-7259MEDIUMCVSS 6.5EG 6.52025-07-07
An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue af…
- CVE-2025-7424HIGHCVSS 7.5EG 7.82025-07-10
A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application o…
- CVE-2025-7995HIGHCVSS 7.8EG 7.82025-09-17
Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required t…
- CVE-2025-7999HIGHCVSS 7.8EG 7.82025-09-17
Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required t…
- CVE-2025-8000HIGHCVSS 7.8EG 7.82025-09-17
Ashlar-Vellum Cobalt LI File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required t…
- CVE-2025-8002HIGHCVSS 7.8EG 7.82025-09-17
Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required t…
- CVE-2025-8005HIGHCVSS 7.8EG 7.82025-09-17
Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required t…
- CVE-2025-8010HIGHCVSS 8.8EG 8.82025-07-22
Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-8011HIGHCVSS 8.8EG 8.82025-07-22
Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-8354HIGHCVSS 7.8EG 7.82025-09-23
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the conte…
- CVE-2026-0162HIGHCVSS 8.8EG 8.82026-06-16
In ParsePayloads of AudioSdpParser.cpp, there is a possible memory corruption due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2026-10022HIGHCVSS 7.5EG 8.82026-05-28
Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity:…
- CVE-2026-10702MEDIUMCVSS 4.3EG 4.32026-06-02
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3.
- CVE-2026-10910HIGHCVSS 8.8EG 8.82026-06-04
Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-10935HIGHCVSS 8.8EG 8.82026-06-04
Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-10936HIGHCVSS 8.8EG 8.82026-06-04
Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-10955HIGHCVSS 8.8EG 8.82026-06-04
Type Confusion in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-10962HIGHCVSS 8.8EG 8.82026-06-04
Type Confusion in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-11052CRITICALCVSS 9.6EG 9.62026-06-04
Type Confusion in GPU in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Mediu…
- CVE-2026-11076HIGHCVSS 8.8EG 8.82026-06-04
Type Confusion in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-11196MEDIUMCVSS 6.5EG 6.52026-06-04
Type Confusion in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted XML file. (Chromium security severity: Medium)
- CVE-2026-11463HIGHCVSS 7.3EG 7.32026-06-07
A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected is an unknown function of the component Shared Pointer Handler. Executing a manipulation can lead to type confusion. The attack can be launched remotely. The exploit ha…
- CVE-2026-11662HIGHCVSS 8.8EG 8.82026-06-08
Type Confusion in Bindings in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-11785MEDIUMCVSS 4.3EG 4.32026-06-09
A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users.
- CVE-2026-12298MEDIUMCVSS 5.4EG 5.42026-06-16
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
- CVE-2026-12299MEDIUMCVSS 5.4EG 5.42026-06-16
JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
- CVE-2026-12390HIGHCVSS 8.4EG 8.42026-06-18
In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution.
- CVE-2026-13776CRITICALCVSS 9.8EG 9.82026-06-30
Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2026-13803HIGHCVSS 8.3EG 8.32026-06-30
Type Confusion in Chrome Tabs in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-13883CRITICALCVSS 9.6EG 9.62026-06-30
Type Confusion in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-13967HIGHCVSS 8.8EG 8.82026-06-30
Heap buffer overflow in V8 in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-14119MEDIUMCVSS 6.5EG 6.52026-07-01
Type Confusion in Bluetooth in Google Chrome on Windows prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. (Chromium security …
- CVE-2026-14148MEDIUMCVSS 6.5EG 6.52026-07-01
Type Confusion in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-14423CRITICALCVSS 9.6EG 9.62026-07-02
Type Confusion in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-14431HIGHCVSS 8.8EG 8.82026-07-02
Type Confusion in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-1862HIGHCVSS 8.8EG 8.82026-02-03
Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-20451MEDIUMCVSS 6.7EG 6.72026-05-04
In slbc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch…
- CVE-2026-20806MEDIUMCVSS 5.5EG 5.52026-04-14
Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.
- CVE-2026-20811HIGHCVSS 7.8EG 7.82026-01-13
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
- CVE-2026-20860HIGHCVSS 7.8EG 7.82026-01-13
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2026-21330HIGHCVSS 7.8EG 7.82026-02-10
After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i…
- CVE-2026-21493MEDIUMCVSS 6.6EG 6.62026-01-06
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusion in its CIccSingleSampledeCurveXml class during XML Curve Serialization. This issue is …
- CVE-2026-21505MEDIUMCVSS 5.5EG 5.52026-01-07
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to an invalid enum value. This issue h…
- CVE-2026-21519HIGHCVSS 7.8EG 9.0⚠ KEV2026-02-10
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
- CVE-2026-21683HIGHCVSS 8.8EG 8.82026-01-07
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in …
- CVE-2026-21689MEDIUMCVSS 6.5EG 6.52026-01-07
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in …
- CVE-2026-21690MEDIUMCVSS 6.3EG 6.32026-01-07
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in …
Map vulnerabilities like CWE-843 to your infrastructure
EchelonGraph correlates every CVE — across CWE-843 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →