
CWE-356 (Product UI does not Warn User of Unsafe Actions) — Vulnerability Class 29

29 vulnerabilities classified as CWE-356 (Product UI does not Warn User of Unsafe Actions). AI Chinese analysis included.

CWE-356 represents a user interface weakness where software fails to alert users before executing potentially hazardous operations. This flaw is typically exploited by attackers who manipulate the interface to trick users into performing destructive actions, such as deleting critical data or executing untrusted code, without realizing the consequences. By omitting necessary warnings, the product lowers the barrier for social engineering attacks, allowing adversaries to inflict damage more easily. Developers mitigate this risk by implementing explicit confirmation dialogs for high-risk activities, ensuring users are fully aware of the implications before proceeding. Clear, unambiguous messaging helps users make informed decisions, thereby preventing accidental or coerced system compromise and enhancing overall security posture through informed user interaction.

MITRE CWE Description
The product's user interface does not warn the user before undertaking an unsafe action on behalf of that user. This makes it easier for attackers to trick users into inflicting damage to their system. Product systems should warn users that a potentially dangerous action may occur if the user proceeds. For example, if the user downloads a file from an unknown source and attempts to execute the file on their machine, then the application's GUI can indicate that the file is unsafe.
Common Consequences (1)
Scope: Non-Repudiation · Impact: Hide Activities
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-0777 | Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability | Xmind | 8.8 (AI) | High (AI) | 2026-02-20 |
| CVE-2026-25805 | Zed does not show Parameter Values for MCP Tool Calls. Users cannot detect tool poisoning. | zed | 6.4 | Medium | 2026-02-10 |
| CVE-2025-3839 | Epiphany: insecure external protocol invocation | epiphany | 8.0 | High | 2026-01-23 |
| CVE-2025-14414 | Soda PDF Desktop Word File Insufficient UI Warning Remote Code Execution Vulnerability | Desktop | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-14415 | Soda PDF Desktop Launch Insufficient UI Warning Remote Code Execution Vulnerability | Desktop | 8.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-14412 | Soda PDF Desktop XLS File Insufficient UI Warning Remote Code Execution Vulnerability | Desktop | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-14418 | pdfforge PDF Architect XLS File Insufficient UI Warning Remote Code Execution Vulnerability | PDF Architect | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-14417 | pdfforge PDF Architect Launch Insufficient UI Warning Remote Code Execution Vulnerability | PDF Architect | 8.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-14416 | pdfforge PDF Architect DOC File Insufficient UI Warning Remote Code Execution Vulnerability | PDF Architect | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-14404 | PDFsam Enhanced XLS File Insufficient UI Warning Remote Code Execution Vulnerability | Enhanced | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-14403 | PDFsam Enhanced Launch Insufficient UI Warning Remote Code Execution Vulnerability | Enhanced | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-14402 | PDFsam Enhanced DOC File Insufficient UI Warning Remote Code Execution Vulnerability | Enhanced | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-58335 | JetBrains Junie Security Vulnerability | Junie | 5.5 | Medium | 2025-08-28 |
| CVE-2025-31334 | WinRAR Security Vulnerability | WinRAR | 7.8 (AI) | High (AI) | 2025-04-03 |
| CVE-2025-2450 | NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability | Vision Builder AI | 7.8 | - | 2025-03-18 |
| CVE-2024-4187 | Stored XSS vulnerability has been discovered in OpenText™ Filr. The vulnerability could cause users to not be warned when clicking links to external sites. | Filr | 5.4 (AI) | Medium (AI) | 2024-07-31 |
| CVE-2024-30057 | Microsoft Edge for iOS Spoofing Vulnerability | Microsoft Edge for iOS | 5.4 | Medium | 2024-06-13 |
| CVE-2024-3044 | Graphic on-click binding allows unchecked script execution | LibreOffice | 7.1 | - | 2024-05-14 |
| CVE-2022-36970 | AVEVA Edge Security Vulnerability | Edge | 7.8 | - | 2023-03-29 |
| CVE-2022-39362 | Metabase vulnerable to arbitrary SQL execution from queryhash | metabase | 8.8 | High | 2022-10-26 |
| CVE-2022-35873 | Inductive Automation Ignition Code Injection Vulnerability | Ignition | 7.8 | - | 2022-07-25 |
| CVE-2019-13322 | Xiaomi Mi6 Browser Input Validation Error Vulnerability | Browser | 8.8 | - | 2020-02-10 |
| CVE-2019-17151 | Tencent WeChat Input Validation Error Vulnerability | WeChat | 5.4 | - | 2020-01-07 |
| CVE-2019-6738 | Bitdefender SafePay OS Command Injection Vulnerability | SafePay | 8.8 | - | 2019-06-03 |
| CVE-2019-6737 | Bitdefender SafePay Code Issue Vulnerability | SafePay | 8.8 | - | 2019-06-03 |
| CVE-2019-6736 | Bitdefender SafePay OS Command Injection Vulnerability | SafePay | 8.8 | - | 2019-06-03 |
| CVE-2018-16858 | LibreOffice Path Traversal Vulnerability | libreoffice | 9.8 | - | 2019-03-25 |
| CVE-2018-10593 | BD DB Manager and PerformA Security Vulnerability | Kiestra and InoqulA systems | 6.4 | - | 2018-05-24 |
| CVE-2018-10595 | BD ReadA Security Vulnerability | Kiestra and InoqulA systems | 6.4 | - | 2018-05-24 |

Vulnerabilities classified as CWE-356 (Product UI does not Warn User of Unsafe Actions) represent 29 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.