Skip to main content

CWE-681

Incorrect Conversion between Numeric Types

62 CVEs Avg CVSS 7.2 MITRE
6
CRITICAL
31
HIGH
24
MEDIUM
1
LOW
13
POC
0
KEV

Monthly

CVE-2026-50402 HIGH PATCH This Week

Local privilege escalation in the Windows NTFS file-system driver lets an authenticated low-privileged user gain elevated (likely SYSTEM) privileges by exploiting an incorrect conversion between numeric types (CWE-681). Affected platforms span Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025. Microsoft reported the flaw and has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-53133 HIGH PATCH This Week

Memory corruption in the Linux kernel's RDMA/umem subsystem occurs because __rdma_block_iter_next() uses 32-bit types to reassemble scatter-gather entries, truncating DMA addresses for block sizes of 4GB or larger when an IOMMU linearizes the mapping. Affected versions span the long-lived 5.2 through 7.1 development line; a low-privileged local actor with RDMA device access can drive the kernel to compute wrong DMA addresses, yielding high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, and EPSS is low (0.18%, 7th percentile), consistent with the narrow hardware/configuration prerequisites.

Linux Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-9143 MEDIUM This Month

Silent integer truncation in NI grpc-device 2.17.0 and earlier allows unauthenticated network-accessible attackers to corrupt size values processed by the CodeGen component, potentially causing integrity violations in instrument control operations. The root cause is CWE-681 - missing range checks during numeric type conversion in CodeGen - meaning oversized size fields silently lose their high-order bits rather than being rejected or flagged. No CISA KEV listing and no public exploit code have been identified at time of analysis, placing this in a lower operational priority tier despite its medium CVSS 4.0 score of 6.3.

Information Disclosure Grpc Device Instrumentstudio
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.2%
CVE-2026-24192 HIGH PATCH This Week

Local privilege escalation in NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and Virtual GPU Manager branches) stems from an incorrect numeric type conversion (CWE-681) that produces a heap buffer overflow. A locally authenticated attacker with low privileges can trigger the flaw to achieve code execution, privilege escalation, information disclosure, data tampering, or denial of service. No public exploit identified at time of analysis, and EPSS is very low (0.01%, 1st percentile), but technical impact per SSVC is total.

Nvidia RCE Information Disclosure Buffer Overflow Denial Of Service
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-26178 HIGH PATCH Exploit Unlikely This Week

Integer size truncation in Windows Advanced Rasterization Platform (WARP) enables unauthenticated remote attackers to achieve code execution with elevated privileges across Windows 10, 11, and Server editions by persuading users to interact with malicious content. Microsoft has released security updates addressing this vulnerability across all supported Windows versions. No public exploit identified at time of analysis, though the unauthenticated remote attack vector (CVSS AV:N/PR:N) combined wi

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-34945 Cargo LOW PATCH GHSA Monitor

Wasmtime's Winch compiler in versions 25.0.0 through 36.0.6, 42.0.1, and 43.0.0 incorrectly translates the WebAssembly table.size instruction for 64-bit tables under the memory64 proposal, allowing WebAssembly guests to read sensitive data from the host's stack. The vulnerability stems from static typing the return value as 32-bit instead of consulting the table's actual index type, which when combined with Winch's multi-value return ABI mechanics enables stack data disclosure. This is fixed in Wasmtime 36.0.7, 42.0.2, and 43.0.1; no public exploit code or active exploitation has been identified at time of analysis, but the low CVSS score (2.3) reflects limited real-world impact due to authentication requirements and limited technical scope.

Information Disclosure Wasmtime
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-24174 HIGH This Week

Remote denial of service in NVIDIA Triton Inference Server (all versions prior to r26.02) allows unauthenticated attackers to crash the server via malformed requests. The vulnerability has a CVSS score of 7.5 with network-accessible attack vector and low complexity, requiring no privileges or user interaction. EPSS data not provided; no public exploit identified at time of analysis. The issue stems from improper conversion between numeric types (CWE-681), enabling trivial service disruption for ML inference workloads.

Nvidia Denial Of Service
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-4931 MEDIUM This Month

Marginal v1 smart contract implements an unsafe numeric downcast that enables attackers to settle large debt positions using negligible asset amounts, creating a critical financial manipulation vector in the DeFi protocol. The vulnerability affects Marginal Smart Contract v1 across all deployment instances accessible via the public blockchain network. An attacker can exploit this type confusion flaw to bypass intended collateral requirements and artificially close positions at drastically undervalued rates, causing financial loss to the protocol and legitimate liquidity providers.

Information Disclosure Marginal Smart Contract
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-34610 MEDIUM PATCH This Month

Leancrypto library prior to version 1.7.1 allows remote attackers to impersonate X.509 certificate identities by crafting certificates with padded Common Names that exploit integer overflow when casting size_t to uint8_t, enabling spoofing in PKCS#7 verification, certificate chain matching, and code signing scenarios. The vulnerability has a moderate CVSS score of 5.9 (network-accessible, high complexity attack) and is not confirmed in active exploitation, though the attack is technically straightforward once a malicious certificate is crafted.

Information Disclosure Leancrypto
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-34550 MEDIUM This Month

Denial of service in iccDEV prior to version 2.3.1.6 caused by undefined behavior from unsafe implicit conversion of negative signed integers to unsigned size_t in IccProfLib/IccIO.cpp. Local attackers can exploit this condition to crash applications using vulnerable iccDEV libraries by providing specially crafted ICC color profile files, resulting in high availability impact with no authentication required.

Information Disclosure Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows NTFS file-system driver lets an authenticated low-privileged user gain elevated (likely SYSTEM) privileges by exploiting an incorrect conversion between numeric types (CWE-681). Affected platforms span Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025. Microsoft reported the flaw and has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption in the Linux kernel's RDMA/umem subsystem occurs because __rdma_block_iter_next() uses 32-bit types to reassemble scatter-gather entries, truncating DMA addresses for block sizes of 4GB or larger when an IOMMU linearizes the mapping. Affected versions span the long-lived 5.2 through 7.1 development line; a low-privileged local actor with RDMA device access can drive the kernel to compute wrong DMA addresses, yielding high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, and EPSS is low (0.18%, 7th percentile), consistent with the narrow hardware/configuration prerequisites.

Linux Buffer Overflow
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

Silent integer truncation in NI grpc-device 2.17.0 and earlier allows unauthenticated network-accessible attackers to corrupt size values processed by the CodeGen component, potentially causing integrity violations in instrument control operations. The root cause is CWE-681 - missing range checks during numeric type conversion in CodeGen - meaning oversized size fields silently lose their high-order bits rather than being rejected or flagged. No CISA KEV listing and no public exploit code have been identified at time of analysis, placing this in a lower operational priority tier despite its medium CVSS 4.0 score of 6.3.

Information Disclosure Grpc Device Instrumentstudio
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and Virtual GPU Manager branches) stems from an incorrect numeric type conversion (CWE-681) that produces a heap buffer overflow. A locally authenticated attacker with low privileges can trigger the flaw to achieve code execution, privilege escalation, information disclosure, data tampering, or denial of service. No public exploit identified at time of analysis, and EPSS is very low (0.01%, 1st percentile), but technical impact per SSVC is total.

Nvidia RCE Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Integer size truncation in Windows Advanced Rasterization Platform (WARP) enables unauthenticated remote attackers to achieve code execution with elevated privileges across Windows 10, 11, and Server editions by persuading users to interact with malicious content. Microsoft has released security updates addressing this vulnerability across all supported Windows versions. No public exploit identified at time of analysis, though the unauthenticated remote attack vector (CVSS AV:N/PR:N) combined wi

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 2.3
LOW PATCH Monitor

Wasmtime's Winch compiler in versions 25.0.0 through 36.0.6, 42.0.1, and 43.0.0 incorrectly translates the WebAssembly table.size instruction for 64-bit tables under the memory64 proposal, allowing WebAssembly guests to read sensitive data from the host's stack. The vulnerability stems from static typing the return value as 32-bit instead of consulting the table's actual index type, which when combined with Winch's multi-value return ABI mechanics enables stack data disclosure. This is fixed in Wasmtime 36.0.7, 42.0.2, and 43.0.1; no public exploit code or active exploitation has been identified at time of analysis, but the low CVSS score (2.3) reflects limited real-world impact due to authentication requirements and limited technical scope.

Information Disclosure Wasmtime
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial of service in NVIDIA Triton Inference Server (all versions prior to r26.02) allows unauthenticated attackers to crash the server via malformed requests. The vulnerability has a CVSS score of 7.5 with network-accessible attack vector and low complexity, requiring no privileges or user interaction. EPSS data not provided; no public exploit identified at time of analysis. The issue stems from improper conversion between numeric types (CWE-681), enabling trivial service disruption for ML inference workloads.

Nvidia Denial Of Service
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

Marginal v1 smart contract implements an unsafe numeric downcast that enables attackers to settle large debt positions using negligible asset amounts, creating a critical financial manipulation vector in the DeFi protocol. The vulnerability affects Marginal Smart Contract v1 across all deployment instances accessible via the public blockchain network. An attacker can exploit this type confusion flaw to bypass intended collateral requirements and artificially close positions at drastically undervalued rates, causing financial loss to the protocol and legitimate liquidity providers.

Information Disclosure Marginal Smart Contract
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Leancrypto library prior to version 1.7.1 allows remote attackers to impersonate X.509 certificate identities by crafting certificates with padded Common Names that exploit integer overflow when casting size_t to uint8_t, enabling spoofing in PKCS#7 verification, certificate chain matching, and code signing scenarios. The vulnerability has a moderate CVSS score of 5.9 (network-accessible, high complexity attack) and is not confirmed in active exploitation, though the attack is technically straightforward once a malicious certificate is crafted.

Information Disclosure Leancrypto
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM This Month

Denial of service in iccDEV prior to version 2.3.1.6 caused by undefined behavior from unsafe implicit conversion of negative signed integers to unsigned size_t in IccProfLib/IccIO.cpp. Local attackers can exploit this condition to crash applications using vulnerable iccDEV libraries by providing specially crafted ICC color profile files, resulting in high availability impact with no authentication required.

Information Disclosure Iccdev
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy