CWE-451 · User Interface (UI) Misrepresentation of Critical Information

253 CVEs classified under CWE-451 (User Interface (UI) Misrepresentation of Critical Information). Browse by severity and year.

Top CVEs for CWE-451
CVESeverityScorePublishedSummary
CVE-2026-2634Critical9.82026-02-24Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-control…
CVE-2026-0907Critical9.82026-01-20Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium…
CVE-2026-0906Critical9.82026-01-20Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafte…
CVE-2025-8043Critical9.82025-07-22Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability was fixed in Firefox 141.
CVE-2026-11175High8.82026-06-04Incorrect security UI in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page…
CVE-2026-11172High8.82026-06-04Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML…
CVE-2025-31951High8.82026-05-06HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identif…
CVE-2020-9236High8.82024-12-27There is an improper interface design vulnerability in Huawei product. A module interface of the impated product does not deal with some operations properly. A…
CVE-2024-43461High8.82024-09-10Windows MSHTML Platform Spoofing Vulnerability
CVE-2024-0750High8.82024-01-23A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affect…
CVE-2021-41598High8.82022-01-25A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authoriz…
CVE-2021-22866High8.82021-05-14A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authoriz…
CVE-2019-25718High8.42026-06-01Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operatin…
CVE-2025-11720High8.12025-10-14The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted…
CVE-2024-52269High8.12024-12-04User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. The SaaS AI assistant ignores hidden content t…
CVE-2022-39258High8.12022-09-27mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links…
CVE-2026-53829High8.02026-06-12OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes from approvers. Attackers…
CVE-2026-0096High7.82026-06-01In getAppLabel of ForgetDeviceDialogFragment.java, there is a possible trick the user into forgetting a device due to misleading or insufficient UI. This could…
CVE-2026-0094High7.82026-06-01In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insuffici…
CVE-2026-0093High7.82026-06-01In multiple locations, there is a possible misleading UI due to obfuscation. This could lead to local escalation of privilege with no additional execution priv…