VYPR

CWE-451

User Interface (UI) Misrepresentation of Critical Information

ClassDraft

Description

The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-154 · CAPEC-163 · CAPEC-164 · CAPEC-173 · CAPEC-98

CVEs mapped to this weakness (107)

page 4 of 6
  • CVE-2026-0385MedMar 16, 2026
    risk 0.33cvss 5.0epss 0.00

    Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

  • CVE-2026-8565MedMay 14, 2026
    risk 0.31cvss 4.7epss 0.00

    Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)

  • CVE-2026-34258MedMay 12, 2026
    risk 0.31cvss 4.7epss 0.00

    SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This…

  • CVE-2026-44659MedMay 11, 2026
    risk 0.31cvss 4.7epss 0.00

    Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the actual registrable domain (eTLD+1). As a result, an attacker can craft extremely…

  • CVE-2016-9473MedMar 28, 2017
    risk 0.31cvss 4.7epss 0.02

    Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names.

  • CVE-2026-39309MedMay 20, 2026
    risk 0.29cvss 5.5epss 0.00

    Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading…

  • CVE-2026-45650MedJun 9, 2026
    risk 0.28cvss 4.3epss 0.01

    User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-11300MedJun 5, 2026
    risk 0.28cvss 4.3epss 0.00

    Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11294MedJun 5, 2026
    risk 0.28cvss 4.3epss 0.00

    Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11286MedJun 5, 2026
    risk 0.28cvss 4.3epss 0.00

    Insufficient validation of untrusted input in Wallet in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11285MedJun 5, 2026
    risk 0.28cvss 4.3epss 0.00

    Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11254MedJun 5, 2026
    risk 0.28cvss 4.3epss 0.00

    Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11245MedJun 5, 2026
    risk 0.28cvss 4.3epss 0.00

    Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11228MedJun 4, 2026
    risk 0.28cvss 4.3epss 0.00

    Inappropriate implementation in File Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11216MedJun 4, 2026
    risk 0.28cvss 4.3epss 0.00

    Incorrect security UI in File Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11107MedJun 4, 2026
    risk 0.28cvss 4.3epss 0.00

    Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-40416MedMay 12, 2026
    risk 0.28cvss 4.3epss 0.00

    User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-35429MedMay 12, 2026
    risk 0.28cvss 4.3epss 0.01

    User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-33118MedApr 10, 2026
    risk 0.28cvss 4.3epss 0.01

    Microsoft Edge (Chromium-based) Spoofing Vulnerability

  • CVE-2026-5906MedApr 8, 2026
    risk 0.28cvss 4.3epss 0.00

    Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)