CWE-843— Access of Resource Using Incompatible Type (Type Confusion)
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.— MITRE CWE catalog
784 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-843page 16 of 16
- CVE-2026-5496HIGHCVSS 7.8EG 7.82026-04-11
Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User int…
- CVE-2026-57254HIGHCVSS 7.8EG 7.82026-07-08
There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash.
- CVE-2026-57975HIGHCVSS 7.5EG 7.52026-07-03
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
- CVE-2026-58283HIGHCVSS 8.1EG 8.12026-07-03
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
- CVE-2026-58285HIGHCVSS 8.3EG 8.32026-07-03
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
- CVE-2026-58289CRITICALCVSS 9.0EG 9.02026-07-03
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
- CVE-2026-58290HIGHCVSS 7.5EG 7.52026-07-03
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
- CVE-2026-58295HIGHCVSS 8.3EG 8.32026-07-03
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
- CVE-2026-58305MEDIUMCVSS 6.1EG 6.12026-07-09
Access of resource using incompatible type ('type confusion') vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a.
- CVE-2026-58592HIGHCVSS 8.3EG 8.32026-07-01
Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm:…
- CVE-2026-5865HIGHCVSS 8.8EG 8.82026-04-08
Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-5871HIGHCVSS 8.8EG 8.82026-04-08
Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-5914HIGHCVSS 8.8EG 8.82026-04-08
Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
- CVE-2026-59152MEDIUMCVSS 5.0EG 5.02026-07-06
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary…
- CVE-2026-5946HIGHCVSS 7.5EG 7.52026-05-20
Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question sec…
- CVE-2026-6047MEDIUMCVSS 5.4EG 5.42026-06-15
LibreOffice can import documents in the OOXML format (DOCX). A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field la…
- CVE-2026-6210HIGHCVSS 8.7EG 8.72026-05-06
A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id attribute and casts it to QSvgMarker* with…
- CVE-2026-6301HIGHCVSS 8.8EG 8.82026-04-15
Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-6307HIGHCVSS 8.8EG 8.82026-04-15
Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-6363HIGHCVSS 8.8EG 8.82026-04-15
Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-6732HIGHCVSS 7.5EG 6.52026-04-23
A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a …
- CVE-2026-7337HIGHCVSS 8.8EG 8.82026-04-28
Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-7914HIGHCVSS 8.3EG 8.32026-05-06
Type Confusion in Accessibility in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security sever…
- CVE-2026-7927HIGHCVSS 8.8EG 8.82026-05-06
Type Confusion in Runtime in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-7988HIGHCVSS 8.8EG 8.82026-05-06
Type Confusion in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-8358MEDIUMCVSS 5.4EG 5.42026-06-15
LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a d…
- CVE-2026-8389HIGHCVSS 8.8EG 7.32026-05-12
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.
- CVE-2026-8499MEDIUMCVSS 5.3EG 5.32026-06-09
The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is due to the `helpfulcrowd_validate_token()` function using a loose comparison…
- CVE-2026-8540HIGHCVSS 8.8EG 8.82026-05-14
Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-8554LOWCVSS 3.1EG 3.12026-05-14
Type Confusion in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: H…
- CVE-2026-8570MEDIUMCVSS 6.5EG 6.52026-05-14
Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-9117HIGHCVSS 7.5EG 7.52026-05-20
Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted video file. (Chromium security sever…
- CVE-2026-9334HIGHCVSS 7.3EG 7.32026-06-03
Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled. decode_hv() collapses duplicate object keys into an array reference under dupkeys_as_arrayref. The branch r…
- CVE-2026-9983HIGHCVSS 8.8EG 8.82026-05-28
Type Confusion in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Map vulnerabilities like CWE-843 to your infrastructure
EchelonGraph correlates every CVE — across CWE-843 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →