Total: 666 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-49713 | | | 2025-07-03 | 8.8 High |
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | ||||
CVE-2025-6554 | 1 Google | 1 Chrome | 2025-07-03 | 8.1 High |
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-53427 | 1 Jqlang | 1 Jq | 2025-07-01 | 8.1 High |
decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits). | ||||
CVE-2025-21356 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-01 | 7.8 High |
Microsoft Office Visio Remote Code Execution Vulnerability | ||||
CVE-2024-37603 | 1 Mercedes-benz | 1 Headunit Ntg6 Mercedes-benz User Experience | 2025-06-27 | 4.6 Medium |
An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible type confusion exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically. | ||||
CVE-2024-49196 | 1 Samsung | 4 Exynos 1480, Exynos 1480 Firmware, Exynos 2400 and 1 more | 2025-06-20 | 7.5 High |
An issue was discovered in the GPU in Samsung Mobile Processor Exynos 1480 and 2400. Type confusion leads to a Denial of Service. | ||||
CVE-2023-41060 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-20 | 8.8 High |
A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. A remote user may be able to cause kernel code execution. | ||||
CVE-2025-47167 | | | 2025-06-20 | 8.4 High |
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
CVE-2025-30397 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-06-17 | 7.5 High |
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. | ||||
CVE-2025-30383 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-06-17 | 7.8 High |
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
CVE-2025-30375 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-06-17 | 7.8 High |
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
CVE-2025-5959 | 1 Google | 1 Chrome | 2025-06-16 | 8.8 High |
Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-43596 | 1 Microsoft | 1 Edge Chromium | 2025-06-16 | 6.5 Medium |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
CVE-2024-43498 | 4 Apple, Linux, Microsoft and 1 more | 6 Macos, Linux Kernel, .net and 3 more | 2025-06-16 | 9.8 Critical |
.NET and Visual Studio Remote Code Execution Vulnerability | ||||
CVE-2025-20063 | 1 Openatom | 1 Openharmony | 2025-06-09 | 3.3 Low |
in OpenHarmony v5.0.3 and prior versions allow a local attacker to cause apps to crash through type confusion. | ||||
CVE-2025-21082 | 1 Openatom | 1 Openharmony | 2025-06-09 | 3.3 Low |
in OpenHarmony v5.0.3 and prior versions allow a local attacker to cause apps to crash through type confusion. | ||||
CVE-2025-25000 | | | 2025-06-04 | 8.8 High |
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | ||||
CVE-2025-29791 | | | 2025-06-04 | 7.8 High |
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
CVE-2024-23222 | 2 Apple, Redhat | 9 Ipados, Iphone Os, Macos and 6 more | 2025-06-03 | 8.8 High |
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited. | ||||
CVE-2024-6119 | 3 Netapp, Openssl, Redhat | 34 500f, 500f Firmware, A250 and 31 more | 2025-06-03 | 7.5 High |
Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program. Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address. TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. |