CWE-451: User Interface Misrepresentation of Critical Information
191 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-451 (page 2 of 4)
- CVE-2024-49040 HIGH CVSS 7.5 EG 7.5 2024-11-12
Microsoft Exchange Server Spoofing Vulnerability
- CVE-2024-4950 MEDIUM CVSS 6.5 EG 5.3 2024-05-15
Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity:…
- CVE-2024-49796 MEDIUM CVSS 5.4 EG 5.4 2025-02-06
IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and p…
- CVE-2024-51749 LOW CVSS 3.5 EG 3.5 2024-11-12
Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to eve…
- CVE-2024-52269 HIGH CVSS 8.1 EG 8.1 2024-12-04
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. The SaaS AI assistant ignores hidden content that is rendered after signing, misleading the user. For reference see: CVE-2024…
- CVE-2024-52270 HIGH CVSS 8.2 EG 0.0 2024-12-05
User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign (HelloSign) allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome …
- CVE-2024-52271 HIGH CVSS 8.2 EG 7.9 2024-12-05
User Interface (UI) Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the …
- CVE-2024-52276 HIGH CVSS 7.5 EG 7.5 2024-12-04
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. 1. Displayed version does not show the layer flattened version, which is provided when the "Print" option is used. 2. Display…
- CVE-2024-52277 HIGH CVSS 8.2 EG 0.0 2024-12-04
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the p…
- CVE-2024-54558 LOW CVSS 2.8 EG 7.5 2025-03-10
A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to trick a user into granting access to photos from the user's photo library.
- CVE-2024-55889 MEDIUM CVSS 4.9 EG 4.9 2024-12-13
phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an…
- CVE-2024-55896 MEDIUM CVSS 5.4 EG 5.4 2025-01-03
IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system.
- CVE-2024-5698 MEDIUM CVSS 6.1 EG 6.1 2024-06-11
By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 12…
- CVE-2024-6429 MEDIUM CVSS 4.3 EG 4.3 2025-09-23
A content spoofing vulnerability exists in multiple WSO2 products due to improper error message handling. Under certain conditions, error messages are passed through URL parameters without validation, allowing malicious actors to inject ar…
- CVE-2024-6595 LOW CVSS 3.0 EG 3.0 2024-07-17
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting …
- CVE-2024-6610 MEDIUM CVSS 4.3 EG 4.3 2024-07-09
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128.
- CVE-2024-6999 MEDIUM CVSS 4.3 EG 4.3 2024-08-06
Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Med…
- CVE-2024-7019 MEDIUM CVSS 4.3 EG 4.3 2024-09-23
Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2024-7020 MEDIUM CVSS 4.3 EG 4.3 2024-09-23
Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- CVE-2024-7021 MEDIUM CVSS 4.3 EG 4.3 2025-11-14
Inappropriate implementation in Autofill in Google Chrome on Windows prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2024-7529 MEDIUM CVSS 6.5 EG 8.1 2024-08-06
The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < …
- CVE-2024-8909 MEDIUM CVSS 4.3 EG 4.3 2024-09-17
Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- CVE-2024-9163 LOW CVSS 3.5 EG 3.5 2025-05-23
A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs.
- CVE-2025-0435 MEDIUM CVSS 6.5 EG 6.5 2025-01-15
Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0446 MEDIUM CVSS 4.3 EG 4.3 2025-01-15
Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security s…
- CVE-2025-0451 MEDIUM CVSS 6.3 EG 6.3 2025-02-04
Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium securi…
- CVE-2025-0729 MEDIUM CVSS 4.3 EG 4.3 2025-01-27
A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. Upg…
- CVE-2025-10290 MEDIUM CVSS 6.5 EG 6.5 2025-09-16
Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a …
- CVE-2025-11208 MEDIUM CVSS 6.3 EG 6.3 2025-11-06
Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Med…
- CVE-2025-11212 MEDIUM CVSS 6.3 EG 6.3 2025-11-06
Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium securit…
- CVE-2025-11213 MEDIUM CVSS 6.3 EG 6.3 2025-11-06
Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium secur…
- CVE-2025-11718 MEDIUM CVSS 6.5 EG 6.5 2025-10-14
When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event. This vulnerability was fixed in Firefox 144.
- CVE-2025-11720 HIGH CVSS 8.1 EG 8.1 2025-10-14
The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it w…
- CVE-2025-12435 MEDIUM CVSS 5.4 EG 5.4 2025-11-10
Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-12446 MEDIUM CVSS 4.2 EG 4.2 2025-11-10
Incorrect security UI in SplitView in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low)
- CVE-2025-12728 MEDIUM CVSS 4.2 EG 4.2 2025-11-10
Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security…
- CVE-2025-12729 MEDIUM CVSS 4.2 EG 4.2 2025-11-10
Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security…
- CVE-2025-12911 MEDIUM CVSS 4.3 EG 4.3 2025-11-08
Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- CVE-2025-13082 MEDIUM CVSS 4.3 EG 4.3 2025-11-18
User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from …
- CVE-2025-13102 MEDIUM CVSS 4.3 EG 4.3 2025-11-14
Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- CVE-2025-13107 MEDIUM CVSS 4.3 EG 4.3 2025-11-14
Inappropriate implementation in Compositing in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- CVE-2025-14019 LOW CVSS 3.4 EG 3.4 2025-12-15
LINE client for Android versions from 13.8 to 15.5 is vulnerable to UI spoofing in the in-app browser where a specific layout could obscure the full-screen warning prompt, potentially allowing attackers to conduct phishing attacks.
- CVE-2025-14020 MEDIUM CVSS 5.4 EG 5.4 2025-12-15
LINE client for Android versions prior to 14.20 contains a UI spoofing vulnerability in the in-app browser where the full-screen security Toast notification is not properly re-displayed when users return from another application, potential…
- CVE-2025-14021 MEDIUM CVSS 4.3 EG 4.3 2025-12-15
The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks th…
- CVE-2025-14023 LOW CVSS 3.1 EG 3.1 2025-12-15
LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the navigation state and the in-app browser's user interface, which could create confusion about the trust context of displayed pages or interactive eleme…
- CVE-2025-14744 MEDIUM CVSS 6.5 EG 6.5 2025-12-18
Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability was fixed in Firefox for iOS 144…
- CVE-2025-1922 MEDIUM CVSS 4.3 EG 4.3 2025-03-05
Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium securit…
- CVE-2025-21253 MEDIUM CVSS 5.3 EG 5.3 2025-02-06
Microsoft Edge for IOS and Android Spoofing Vulnerability
- CVE-2025-21259 MEDIUM CVSS 5.3 EG 5.3 2025-02-11
Microsoft Outlook Spoofing Vulnerability
- CVE-2025-21262 MEDIUM CVSS 5.4 EG 5.4 2025-01-24
User Interface (UI) Misrepresentation of Critical Information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network