MITRE ATT&CK CVE list for this attack path. Use risk scores and timeline to decide what to patch first and what to track next.

| CVE | Description | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-12390 | In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution. | 8.4 | N/A | 2026-06-18 | 2026-06-18 |
| CVE-2026-0162 | In ParsePayloads of AudioSdpParser.cpp, there is a possible memory corruption due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 8.8 | 0.23% | 2026-06-16 | 2026-06-17 |
| CVE-2026-12299 | JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. | 5.4 | 0.21% | 2026-06-16 | 2026-06-17 |
| CVE-2026-8358 | LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its allocation. In fixed versions records with a duplicate identifier are rejected. | 5.4 | 0.13% | 2026-06-15 | 2026-06-17 |
| CVE-2026-6047 | LibreOffice can import documents in the OOXML format (DOCX). A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed past the end of the allocation. In fixed versions the type is checked before the write. | 5.4 | 0.12% | 2026-06-15 | 2026-06-17 |
| CVE-2026-45641 | Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | 8.4 | 0.24% | 2026-06-09 | 2026-06-17 |
| CVE-2026-45635 | Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network. | 8.1 | 0.36% | 2026-06-09 | 2026-06-17 |
| CVE-2026-45600 | Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | 7.8 | 0.23% | 2026-06-09 | 2026-06-17 |
| CVE-2026-45456 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | 8.4 | 0.28% | 2026-06-09 | 2026-06-19 |
| CVE-2026-44817 | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 7.8 | 0.29% | 2026-06-09 | 2026-06-19 |
| CVE-2026-11785 | A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users. | 4.3 | 0.21% | 2026-06-09 | 2026-06-17 |
| CVE-2026-8499 | The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is due to the `helpfulcrowd_validate_token()` function using a loose comparison operator (`!=`) instead of a strict comparison (`!==`) when validating the `token` parameter, while the corresponding REST route `/wp-json/helpfulcrowd/v1/update-settings` is registered with a `permission_callback` of `__return_true`, making it reachable by un | 5.3 | 0.27% | 2026-06-09 | 2026-06-17 |
| CVE-2026-11662 | Type Confusion in Bindings in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | 8.8 | 0.35% | 2026-06-09 | 2026-06-17 |
| CVE-2026-11463 | A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected is an unknown function of the component Shared Pointer Handler. Executing a manipulation can lead to type confusion. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure. | 2.9 | 0.31% | 2026-06-07 | 2026-06-17 |
| CVE-2026-11196 | Type Confusion in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted XML file. (Chromium security severity: Medium) | 6.5 | 0.23% | 2026-06-04 | 2026-06-17 |
| CVE-2026-11076 | Type Confusion in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | 8.8 | 0.30% | 2026-06-04 | 2026-06-17 |
| CVE-2026-11052 | Type Confusion in GPU in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | 9.6 | 0.26% | 2026-06-04 | 2026-06-17 |
| CVE-2026-10962 | Type Confusion in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | 8.8 | 0.38% | 2026-06-04 | 2026-06-17 |
| CVE-2026-10955 | Type Confusion in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | 8.8 | 0.37% | 2026-06-04 | 2026-06-17 |
| CVE-2026-10936 | Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | 8.8 | 0.38% | 2026-06-04 | 2026-06-17 |