Weaknesses of type CWE-356
32 resultsCVE-2026-25805MEDIUMZed does not show Parameter Values for MCP Tool Calls. Users cannot detect tool poisoning.EPSS 0.2%CVE-2024-4187LOWStored XSS vulnerability has been discovered in OpenText™ Filr. The vulnerability could cause users to not be warned when clicking links to external sites.EPSS 0.2%CVE-2025-14404HIGHPDFsam Enhanced XLS File Insufficient UI Warning Remote Code Execution VulnerabilityEPSS 0.2%CVE-2025-14402HIGHPDFsam Enhanced DOC File Insufficient UI Warning Remote Code Execution VulnerabilityEPSS 0.2%CVE-2025-14415HIGHSoda PDF Desktop Launch Insufficient UI Warning Remote Code Execution VulnerabilityEPSS 0.2%CVE-2025-58335MEDIUMIn JetBrains Junie before 252.284.66,
251.284.66,
243.284.66,
252.284.61,
251.284.61,
243.284.61,
252.284.50,
252.284.54,
251.284.54,
251.28EPSS 0.2%CVE-2025-14414HIGHSoda PDF Desktop Word File Insufficient UI Warning Remote Code Execution VulnerabilityEPSS 0.2%CVE-2025-14412HIGHSoda PDF Desktop XLS File Insufficient UI Warning Remote Code Execution VulnerabilityEPSS 0.2%CVE-2025-14417HIGHpdfforge PDF Architect Launch Insufficient UI Warning Remote Code Execution VulnerabilityEPSS 0.2%CVE-2025-0092MEDIUMIn handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could leaEPSS 0.1%CVE-2025-14416HIGHpdfforge PDF Architect DOC File Insufficient UI Warning Remote Code Execution VulnerabilityEPSS 0.1%CVE-2025-14418HIGHpdfforge PDF Architect XLS File Insufficient UI Warning Remote Code Execution VulnerabilityEPSS 0.1%