CWE-704: Incorrect Type Conversion or Cast — known CVE vulnerabilities
CVEs classified under CWE-704 (Incorrect Type Conversion or Cast), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2015-3120 — CVSS 10.0 (critical): Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe…
CVE-2025-41648 — CVSS 9.8 (critical): An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and…
CVE-2025-41646 — CVSS 9.8 (critical): An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion…
CVE-2021-33318 — CVSS 9.8 (critical): An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and…
CVE-2020-25576 — CVSS 9.8 (critical): An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment…
CVE-2020-6151 — CVSS 9.8 (critical): A memory corruption vulnerability exists in the TIFF handle_COMPRESSION_PACKBITS functionality of Accusoft ImageGear 19.7. A specially…
CVE-2011-2337 — CVSS 9.8 (critical): A wrong type is used for a return value from strlen in WebKit in Google Chrome before Blink M12 on 64-bit platforms.
CVE-2011-1460 — CVSS 9.8 (critical): WebKit in Google Chrome before Blink M11 contains a bad cast to RenderBlock when anonymous blocks are renderblocks.
CVE-2016-7398 — CVSS 9.8 (critical): A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and…
CVE-2018-15981 — CVSS 9.8 (critical): Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code…
CVE-2018-12812 — CVSS 9.8 (critical): Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type…
CVE-2018-14403 — CVSS 9.8 (critical): MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for…
CVE-2018-4944 — CVSS 9.8 (critical): Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to…
CVE-2017-9183 — CVSS 9.8 (critical): libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:309:7.
CVE-2016-7979 — CVSS 9.8 (critical): Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code…
CVE-2010-20115: Arcane Software’s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contains a memory corruption vulnerability triggered by…
CVE-2023-21651 — CVSS 9.3 (critical): Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.
CVE-2025-40540 — CVSS 9.1 (critical): A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code…
CVE-2025-40539 — CVSS 9.1 (critical): A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code…
CVE-2021-28918 — CVSS 9.1 (critical): Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform…
CVE-2025-13720 — CVSS 8.8 (high): Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to…
CVE-2025-62494 — CVSS 8.8 (high): A type confusion vulnerability exists in the handling of the string addition (+) operation within the QuickJS engine. * The code first…
CVE-2023-28162 — CVSS 8.8 (high): While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a…
CVE-2023-25737 — CVSS 8.8 (high): An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> could have lead to undefined behavior. This vulnerability…
CVE-2021-43537 — CVSS 8.8 (high): An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially…
CVE-2021-39173 — CVSS 8.8 (high): Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges (User or Admin)…
CVE-2011-1805 — CVSS 8.8 (high): Bad cast in CSS in Google Chrome prior to 11.0.0.0 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-10355 — CVSS 8.8 (high): A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers…
CVE-2018-6157 — CVSS 8.8 (high): Type confusion in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2018-4284 — CVSS 8.8 (high): A type confusion issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS…
CVE-2019-5757 — CVSS 8.8 (high): An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object…
CVE-2018-17685 — CVSS 8.8 (high): This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User…
CVE-2018-6170 — CVSS 8.8 (high): A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted…
CVE-2018-6124 — CVSS 8.8 (high): Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit object…
CVE-2018-6056 — CVSS 8.8 (high): Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute…
CVE-2018-6064 — CVSS 8.8 (high): Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to…
CVE-2018-14317 — CVSS 8.8 (high): This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User…
CVE-2017-15413 — CVSS 8.8 (high): Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption…
CVE-2018-14313 — CVSS 8.8 (high): This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User…
CVE-2018-14311 — CVSS 8.8 (high): This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is…
CVE-2018-14288 — CVSS 8.8 (high): This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User…
CVE-2018-14287 — CVSS 8.8 (high): This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User…
CVE-2018-14286 — CVSS 8.8 (high): This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User…
CVE-2018-14285 — CVSS 8.8 (high): This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User…
CVE-2018-14279 — CVSS 8.8 (high): This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User…
CVE-2018-14278 — CVSS 8.8 (high): This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User…
CVE-2018-14277 — CVSS 8.8 (high): This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User…
CVE-2018-14276 — CVSS 8.8 (high): This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User…
CVE-2018-14275 — CVSS 8.8 (high): This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User…
CVE-2018-14274 — CVSS 8.8 (high): This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User…