Reddit NetSec

CVE Database V5

AlienVault OTX General

Exploit-DB RSS Feed

Reddit InfoSec News

ThreatFox MISP Feed

CIRCL OSINT Feed

AlienVault OTX Vulnerabilities

AlienVault OTX Malware

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2025-49713 is a high-severity vulnerability classified as CWE-843 (Access of Resource Using Incompatible Type, commonly known as 'type confusion') affecting Microsoft Edge based on the Chromium engine. This vulnerability arises when the browser improperly handles data types, allowing an attacker to access resources using incompatible types. Such a flaw can lead to memory corruption issues, enabling unauthorized remote code execution. Specifically, an attacker can exploit this vulnerability over a network without requiring any privileges or authentication, although user interaction is necessary (e.g., visiting a malicious website or opening a crafted document). The vulnerability affects Microsoft Edge version 1.0.0.0, indicating it may be present in early or initial releases of the Chromium-based Edge browser. The CVSS v3.1 base score is 8.8, reflecting high impact on confidentiality, integrity, and availability, with a vector indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). No known exploits are currently reported in the wild, and no patches have been linked yet, suggesting that mitigation efforts should be prioritized. The vulnerability's root cause is a type confusion error, which is a common source of memory safety issues in complex software like browsers, often leading to arbitrary code execution when exploited successfully.

Detailed information about CVE-2025-49713: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') in Microsoft Microsoft Edge (Chromium-based) a

CVE-2025-49713: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') in Microsoft Microsoft Edge (Chromium-based) - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-49713: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') in Microsoft Microsoft Edge (Chromium-based)

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-47167 is a high-severity vulnerability identified in Microsoft Office 2019 (version 19.0.0) characterized as a type confusion flaw (CWE-843). Type confusion occurs when a program accesses a resource using an incompatible type, leading to unexpected behavior. In this case, the vulnerability allows an unauthorized attacker to execute arbitrary code locally without requiring user interaction or prior authentication. The flaw resides in the way Microsoft Office 2019 handles certain internal data structures or objects, causing the application to misinterpret data types and potentially execute malicious payloads. The CVSS 3.1 base score of 8.4 reflects the critical impact on confidentiality, integrity, and availability, with low attack complexity and no privileges or user interaction needed. Exploitation requires local access, meaning the attacker must have some form of access to the victim machine, but once exploited, it can lead to full system compromise. No known exploits are currently reported in the wild, and no patches have been published yet, increasing the urgency for organizations to monitor updates. The vulnerability's exploitation could be triggered by opening a specially crafted Office document or through other local vectors that manipulate Office's internal processing of data types. Given Microsoft Office's widespread use in enterprise and government environments, this vulnerability poses a significant risk for lateral movement and privilege escalation within compromised networks.

Detailed information about CVE-2025-47167: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') in Microsoft Microsoft Office 2019 affecting M

CVE-2025-47167: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') in Microsoft Microsoft Office 2019 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-47167: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') in Microsoft Microsoft Office 2019

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.

CVE-2025-21082 is a vulnerability identified in OpenHarmony version 5.0.3 and earlier, specifically affecting version 5.0.1 as noted. The issue is classified under CWE-843, which corresponds to 'Access of Resource Using Incompatible Type,' commonly known as a type confusion vulnerability. Type confusion occurs when a program accesses a resource (such as memory or an object) using a type that is incompatible with the actual type of the resource, potentially leading to undefined behavior. In this case, a local attacker can exploit this vulnerability to cause application crashes by triggering type confusion within the OpenHarmony operating system environment. The vulnerability requires local access with low privileges (PR:L) and does not require user interaction (UI:N). The attack complexity is low (AC:L), meaning it is relatively straightforward to exploit given local access. The CVSS v3.1 base score is 3.3, indicating a low severity primarily due to its limited impact and local attack vector. The impact is limited to availability, as the vulnerability causes application crashes without compromising confidentiality or integrity. There are no known exploits in the wild, and no patches or mitigation links have been provided at the time of this analysis. OpenHarmony is an open-source distributed operating system designed for a variety of smart devices, including IoT devices, wearables, and embedded systems. The vulnerability's exploitation could disrupt the normal operation of applications running on affected devices, potentially leading to denial of service conditions locally but does not escalate to remote code execution or privilege escalation based on current information.

Detailed information about CVE-2025-21082: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') in OpenHarmony OpenHarmony affecting OpenHarmon

CVE-2025-21082: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') in OpenHarmony OpenHarmony - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-21082: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') in OpenHarmony OpenHarmony

CVE-2025-20063 is a vulnerability identified in OpenHarmony version 5.0.3 and earlier, specifically affecting version 5.0.1. The issue is classified as CWE-843, which corresponds to 'Access of Resource Using Incompatible Type,' commonly known as a type confusion vulnerability. This flaw allows a local attacker to cause applications running on the affected OpenHarmony system to crash by exploiting improper type handling within the software. Type confusion vulnerabilities occur when a program accesses a resource or memory location using an incorrect data type, leading to undefined behavior such as crashes or potentially more severe consequences. However, in this case, the vulnerability primarily results in denial of service through application crashes rather than code execution or privilege escalation. The CVSS v3.1 base score assigned is 3.3, indicating a low severity level. The vector string (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) shows that the attack requires local access (AV:L), low attack complexity (AC:L), low privileges (PR:L), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), and only impacts availability (A:L). There are no known exploits in the wild, and no patches have been linked yet. The vulnerability is limited to local attackers and does not appear to allow remote exploitation or data compromise. OpenHarmony is an open-source distributed operating system primarily targeting IoT devices and smart terminals, which may include consumer electronics, industrial devices, and embedded systems.

Detailed information about CVE-2025-20063: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') in OpenHarmony OpenHarmony affecting OpenHarmon

CVE-2025-20063: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') in OpenHarmony OpenHarmony - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-20063: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') in OpenHarmony OpenHarmony

In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits (e.g., 5 bits) for group number.

CVE-2025-48756 is a low-severity vulnerability identified in version 0.2.0 of the 'scsir' crate, a Rust library developed by the maboroshinokiseki project. The vulnerability is classified under CWE-843, which pertains to 'Access of Resource Using Incompatible Type,' commonly known as a type confusion issue. Specifically, the flaw arises in the handling of the 'group_number' parameter within the crate. The vulnerability is due to an overflow condition caused by the crate's assumption about the size of the group number field. While the hardware device interfacing with the crate expects the group number to be represented within a limited bit width (for example, 5 bits), the crate does not enforce this constraint properly. This mismatch can lead to an overflow when larger values are processed, potentially causing unexpected behavior or resource mismanagement. The CVSS 3.1 base score is 2.9, reflecting a low severity level. The vector indicates that the attack vector is local (AV:L), requires high attack complexity (AC:H), does not require privileges (PR:N), nor user interaction (UI:N), and impacts only availability (A:L) without affecting confidentiality or integrity. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability's impact is limited to availability degradation due to the overflow, which may cause crashes or denial of service in systems using this crate for SCSI-related operations. Given that the vulnerability requires local access and high complexity to exploit, it is unlikely to be exploited remotely or easily. The crate's usage context is critical to understanding the risk, as it is a specialized Rust library for SCSI interface operations, which are typically relevant in storage or hardware communication layers.

Detailed information about CVE-2025-48756: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') in maboroshinokiseki scsir affecting maboroshin

CVE-2025-48756: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') in maboroshinokiseki scsir - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-48756: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') in maboroshinokiseki scsir

A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-42823 is a high-severity vulnerability affecting multiple Apple operating systems and browsers, including macOS Ventura 13, tvOS 16.1, watchOS 9.1, Safari 16.1, iOS 16.1, and iPadOS 16. The root cause is a type confusion flaw, categorized under CWE-843, which arises from improper memory handling during the processing of web content. This vulnerability allows an attacker to craft malicious web content that, when processed by a vulnerable Apple device, can lead to arbitrary code execution. The CVSS v3.1 base score of 8.8 reflects the critical nature of this flaw, with an attack vector over the network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), meaning successful exploitation can fully compromise the affected system. The vulnerability is fixed in the latest versions of the affected Apple products, indicating that earlier versions remain vulnerable. No known exploits in the wild have been reported to date, but the ease of exploitation and the potential impact make this a significant threat. The vulnerability primarily targets Apple’s web content processing components, likely within Safari or underlying system libraries handling web content rendering and scripting. This type of vulnerability can be exploited via malicious websites or embedded web content in emails or other applications that render web content, making it a plausible vector for widespread attacks if weaponized.

Detailed information about CVE-2022-42823: Processing maliciously crafted web content may lead to arbitrary code execution in Apple macOS affecting Apple macOS.

CVE-2022-42823: Processing maliciously crafted web content may lead to arbitrary code execution in Apple macOS - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2022-42823: Processing maliciously crafted web content may lead to arbitrary code execution in Apple macOS

A type confusion issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. Processing a maliciously crafted package may lead to arbitrary code execution.

CVE-2022-42841 is a high-severity vulnerability affecting Apple macOS operating systems, specifically versions prior to the patched releases macOS Monterey 12.6.2, macOS Ventura 13.1, and macOS Big Sur 11.7.2. The vulnerability arises from a type confusion flaw (CWE-843) in the way macOS processes certain package files. Type confusion occurs when a program mistakenly treats a piece of memory as a different type than it actually is, leading to unpredictable behavior. In this case, processing a maliciously crafted package can trigger this flaw, allowing an attacker to execute arbitrary code on the affected system. The CVSS 3.1 base score is 7.8, indicating a high severity level. The vector string (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) reveals that the attack requires local access (AV:L), low attack complexity (AC:L), no privileges required (PR:N), but does require user interaction (UI:R). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). This means that successful exploitation can fully compromise the affected system, allowing an attacker to read, modify, or delete data and disrupt system availability. No known exploits are currently reported in the wild, but the vulnerability is critical enough that attackers could develop exploits targeting unpatched systems. The vulnerability was addressed by Apple through improved type checking in the package processing code to prevent type confusion and arbitrary code execution. The affected product is macOS, a widely used operating system in both consumer and enterprise environments, especially in sectors such as creative industries, software development, and education. Given the requirement for local access and user interaction, exploitation typically involves tricking a user into opening or processing a malicious package file, such as through email attachments, downloads, or removable media. This vulnerability underscores the importance of patching macOS systems promptly to prevent potential compromise through crafted packages.

Detailed information about CVE-2022-42841: Processing a maliciously crafted package may lead to arbitrary code execution in Apple macOS affecting Apple macOS. G

CVE-2022-42841: Processing a maliciously crafted package may lead to arbitrary code execution in Apple macOS - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2022-42841: Processing a maliciously crafted package may lead to arbitrary code execution in Apple macOS

In keyinstall, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08157918; Issue ID: ALPS08157918.

CVE-2023-32835 is a vulnerability identified in multiple MediaTek SoCs (System on Chips) including MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757 series, MT6761 through MT6791 series, MT6833 through MT6895 series, MT6983, MT8185, MT8321, MT8385, MT8666 through MT8675, MT8765 through MT8798, and others. These chips are widely used in a variety of Android devices, particularly smartphones running Android versions 11.0, 12.0, and 13.0. The vulnerability is due to a type confusion issue in the keyinstall component, which leads to possible memory corruption. This memory corruption can be exploited locally to achieve an elevation of privilege, allowing an attacker to gain System execution privileges. Notably, exploitation does not require any user interaction, but it does require the attacker to have some level of local access with existing privileges (PR:H in CVSS terms). The vulnerability is classified under CWE-843 (Type Confusion), which typically involves the program treating a piece of memory as a different type than it actually is, leading to undefined behavior and potential security breaches. The CVSS v3.1 score is 6.7 (medium severity), reflecting high impact on confidentiality, integrity, and availability (all rated high), but with limited attack vector (local) and requiring high privileges to exploit. No known exploits are currently reported in the wild, and no patch links are provided in the data, though the issue is tracked internally by MediaTek (Patch ID: ALPS08157918). The vulnerability affects a broad range of MediaTek chipsets that power many mid-range and budget Android devices globally. The key risk is that a local attacker or malicious app with elevated privileges could leverage this flaw to gain full system control, potentially bypassing security controls and compromising device integrity and data confidentiality.

Detailed information about CVE-2023-32835: Elevation of Privilege in MediaTek, Inc. MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, M

CVE-2023-32835: Elevation of Privilege in MediaTek, Inc. MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2023-32835: Elevation of Privilege in MediaTek, Inc. MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798

Windows Scripting Engine Memory Corruption Vulnerability

CVE-2023-36017 is a high-severity memory corruption vulnerability affecting the Windows Scripting Engine component in Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The underlying issue is a type confusion flaw (CWE-843), where the system accesses a resource using an incompatible type, leading to memory corruption. This vulnerability can be triggered remotely over the network without requiring privileges (AV:N/PR:N), but it does require user interaction (UI:R), such as opening a maliciously crafted web page or document that leverages the Windows Scripting Engine. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the current user, potentially leading to full system compromise. The CVSS v3.1 base score is 8.8, reflecting high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). The vulnerability scope is unchanged (S:U), meaning the impact is confined to the vulnerable component on the affected system. No known exploits in the wild have been reported as of the publication date (November 14, 2023). The vulnerability was reserved in June 2023 and published in November 2023, indicating recent discovery and disclosure. No official patches or mitigation links were provided in the source information, suggesting that organizations may need to rely on workarounds or wait for vendor updates. Given the Windows Scripting Engine's role in processing scripts in various Microsoft technologies, this vulnerability poses a significant risk, especially in environments where Windows 10 Version 1809 remains in use, despite being an older release with limited support. Attackers could craft malicious scripts embedded in web content or documents to exploit this flaw, potentially leading to widespread compromise if deployed in targeted phishing campaigns or drive-by downloads.

Detailed information about CVE-2023-36017: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') in Microsoft Windows 10 Version 1809 affecting

CVE-2023-36017: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') in Microsoft Windows 10 Version 1809 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2023-36017: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') in Microsoft Windows 10 Version 1809

An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.

CVE-2022-3903 is a medium-severity vulnerability identified in the Linux kernel, specifically within the Infrared Transceiver USB driver. The flaw is categorized under CWE-843, which relates to an incorrect read request. This vulnerability arises when a user connects a malicious USB device that exploits improper handling of read requests by the driver. The exploit does not require any privileges or user interaction, making it accessible to local users who can physically attach a crafted USB device. The primary consequence of this vulnerability is resource starvation, which can lead to a denial of service (DoS) condition by crashing or hanging the affected system. The vulnerability affects Linux kernel version 6.1-rc5, a release candidate version, indicating that it may impact systems running this or similar kernel versions if the driver is enabled. The CVSS v3.1 base score is 4.6, reflecting a medium severity level, with the vector indicating that the attack requires physical access (AV:P), low attack complexity (AC:L), no privileges (PR:N), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N, I:N), but high impact on availability (A:H). There are no known exploits in the wild, and no patches are explicitly linked in the provided data, though kernel maintainers typically address such issues promptly. The vulnerability is significant because it can be triggered by simply plugging in a malicious USB device, which is a common attack vector in many environments. The Infrared Transceiver USB driver is not universally enabled on all Linux systems, but where present, it represents a potential attack surface for local adversaries aiming to disrupt system availability.

Detailed information about CVE-2022-3903: CWE-843 in Kernel affecting n/a Kernel. Get real-time updates, technical details, and mitigation strategies.

Title	Severity	Type	Source	Date

Threats Tagged 'cwe-843'

Filter Threats

Threats Tagged 'cwe-843'

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility