Class weakness
Incomplete
CWE-704: Incorrect Type Conversion or Cast
The product does not correctly convert an object, resource, or structure from one type to a different type.
Last updated
66
Recorded CVEs
With this primary weakness
0
KEVs
In the CISA KEV catalog
Not rated
Likelihood of exploit
Per MITRE
Class
Abstraction
MITRE classification
Overview
CWE-704 (Incorrect Type Conversion or Cast) is a class-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
66 recorded CVEs are caused by CWE-704 (Incorrect Type Conversion or Cast). The highest-severity and most recent are shown first. 14 new CWE-704 CVEs have been recorded so far in 2026 (10 in 2025).
- CVE-2025-41648
Pilz: Authentication Bypass in IndustrialPI Webstatus
Critical · CVSS 9.8 · EPSS 63th2025-07-01 - CVE-2025-41646
RevPi Webstatus application is vulnerable to an authentication bypass
Critical · CVSS 9.8 · EPSS 97th2025-06-06 - CVE-2010-20115
Vermillion FTP <= 1.31 Daemon PORT Command Memory Corruption
Critical · CVSS 9.3 · EPSS 98th