Weaknesses of type CWE-451
231 resultsCVE-2026-5878MEDIUMIncorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML pEPSS 0.2%CVE-2026-5882MEDIUMIncorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HEPSS 0.2%CVE-2026-12458LOWInappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage EPSS 0.2%CVE-2026-7935MEDIUMInappropriate implementation in Speech in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafteEPSS 0.2%CVE-2024-52270HIGHPDF Document Spoofing in DropBox Sign(HelloSign)EPSS 0.2%CVE-2026-0901MEDIUMInappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing viEPSS 0.2%CVE-2026-5905MEDIUMIncorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to perform domain spoofingEPSS 0.2%CVE-2026-3937MEDIUMIncorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via aEPSS 0.2%CVE-2026-2919MEDIUMAttacker-controlled content shown under spoofed domains in Focus for iOS via stalled navigation and iframe redirectEPSS 0.2%CVE-2026-8561MEDIUMIncorrect security UI in Fullscreen in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted EPSS 0.2%CVE-2026-11285MEDIUMInappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofiEPSS 0.2%CVE-2024-13178MEDIUMInappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crEPSS 0.2%CVE-2025-13107MEDIUMInappropriate implementation in Compositing in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a cEPSS 0.2%CVE-2024-11919MEDIUMInappropriate implementation in Intents in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing EPSS 0.2%CVE-2025-11212MEDIUMInappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to eEPSS 0.2%CVE-2025-12728MEDIUMInappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user tEPSS 0.2%CVE-2026-3942MEDIUMIncorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a craEPSS 0.2%CVE-2026-3927MEDIUMIncorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a craEPSS 0.2%CVE-2025-14021MEDIUMThe in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execEPSS 0.2%CVE-2026-39309MEDIUMTrilium Notes: macOS TCC Bypass via Prompt SpoofingEPSS 0.2%