CWE-451 · User Interface (UI) Misrepresentation of Critical Information
253 CVEs classified under CWE-451 (User Interface (UI) Misrepresentation of Critical Information). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-2634 | Critical | 9.8 | 2026-02-24 | Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-control… |
| CVE-2026-0907 | Critical | 9.8 | 2026-01-20 | Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium… |
| CVE-2026-0906 | Critical | 9.8 | 2026-01-20 | Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafte… |
| CVE-2025-8043 | Critical | 9.8 | 2025-07-22 | Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability was fixed in Firefox 141. |
| CVE-2026-11175 | High | 8.8 | 2026-06-04 | Incorrect security UI in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page… |
| CVE-2026-11172 | High | 8.8 | 2026-06-04 | Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML… |
| CVE-2025-31951 | High | 8.8 | 2026-05-06 | HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identif… |
| CVE-2020-9236 | High | 8.8 | 2024-12-27 | There is an improper interface design vulnerability in Huawei product. A module interface of the impacted product does not deal with some operations properly. A… |
| CVE-2024-43461 | High | 8.8 | 2024-09-10 | Windows MSHTML Platform Spoofing Vulnerability |
| CVE-2024-0750 | High | 8.8 | 2024-01-23 | A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affect… |
| CVE-2021-41598 | High | 8.8 | 2022-01-25 | A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authoriz… |
| CVE-2021-22866 | High | 8.8 | 2021-05-14 | A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authoriz… |
| CVE-2019-25718 | High | 8.4 | 2026-06-01 | Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operatin… |
| CVE-2025-11720 | High | 8.1 | 2025-10-14 | The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted… |
| CVE-2024-52269 | High | 8.1 | 2024-12-04 | User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. The SaaS AI assistant ignores hidden content t… |
| CVE-2022-39258 | High | 8.1 | 2022-09-27 | mailcow is a mailserver suite. A vulnerability in versions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links… |
| CVE-2026-53829 | High | 8.0 | 2026-06-12 | OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes from approvers. Attackers… |
| CVE-2026-0096 | High | 7.8 | 2026-06-01 | In getAppLabel of ForgetDeviceDialogFragment.java, there is a possible way to trick the user into forgetting a device due to misleading or insufficient UI. This could… |
| CVE-2026-0094 | High | 7.8 | 2026-06-01 | In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insuffici… |
| CVE-2026-0093 | High | 7.8 | 2026-06-01 | In multiple locations, there is a possible misleading UI due to obfuscation. This could lead to local escalation of privilege with no additional execution priv… |