Total
688 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12834 | 1 Deltaww | 1 Drasimucad | 2025-07-11 | N/A |
| Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of STP files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22414. | ||||
| CVE-2024-12836 | 1 Deltaww | 1 Drasimucad | 2025-07-11 | N/A |
| Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of STP files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22450. | ||||
| CVE-2024-13169 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | 7.8 High |
| An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2025-47167 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-11 | 8.4 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-2197 | 1 Honor | 1 Baidu | 2025-07-11 | 4.3 Medium |
| Browser is affected by type confusion vulnerability, successful exploitation of this vulnerability may affect service availability. | ||||
| CVE-2023-24944 | 1 Microsoft | 8 Windows 10 1809, Windows 10 20h2, Windows 10 21h2 and 5 more | 2025-07-10 | 6.5 Medium |
| Windows Bluetooth Driver Information Disclosure Vulnerability | ||||
| CVE-2024-38207 | 1 Microsoft | 1 Edge Chromium | 2025-07-10 | 6.3 Medium |
| Microsoft Edge (HTML-based) Memory Corruption Vulnerability | ||||
| CVE-2024-38219 | 1 Microsoft | 1 Edge Chromium | 2025-07-10 | 6.5 Medium |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
| CVE-2024-38218 | 1 Microsoft | 1 Edge Chromium | 2025-07-10 | 8.4 High |
| Microsoft Edge (HTML-based) Memory Corruption Vulnerability | ||||
| CVE-2024-38209 | 1 Microsoft | 1 Edge Chromium | 2025-07-10 | 7.8 High |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
| CVE-2025-29791 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-09 | 7.8 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-25000 | 1 Microsoft | 1 Edge Chromium | 2025-07-09 | 8.8 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-7259 | 1 Mongodb | 1 Mongodb | 2025-07-08 | 6.5 Medium |
| An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version 8.1.0. | ||||
| CVE-2023-42105 | 2 Ashlar, Ashlar Vellum | 2 Cobalt, Cobalt | 2025-07-08 | 7.8 High |
| Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-20562. | ||||
| CVE-2024-43498 | 4 Apple, Linux, Microsoft and 1 more | 6 Macos, Linux Kernel, .net and 3 more | 2025-07-08 | 9.8 Critical |
| .NET and Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2024-43596 | 1 Microsoft | 1 Edge Chromium | 2025-07-08 | 6.5 Medium |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
| CVE-2024-53427 | 1 Jqlang | 1 Jq | 2025-07-01 | 8.1 High |
| decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits). | ||||
| CVE-2025-21356 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-01 | 7.8 High |
| Microsoft Office Visio Remote Code Execution Vulnerability | ||||
| CVE-2024-37603 | 1 Mercedes-benz | 1 Headunit Ntg6 Mercedes-benz User Experience | 2025-06-27 | 4.6 Medium |
| An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible type confusion exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically. | ||||
| CVE-2025-5959 | 1 Google | 1 Chrome | 2025-06-24 | 8.8 High |
| Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||