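CWE-451 (User Interface (UI) Misrepresentation of Critical Information) — Vulnerability Class 72

72 vulnerabilities classified as CWE-451 (User Interface (UI) Misrepresentation of Critical Information). AI Chinese analysis included.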

CWE-451 represents a critical interface weakness where the user interface fails to accurately display essential information, allowing attackers to obscure or spoof data sources. This vulnerability is typically exploited in phishing campaigns, where malicious actors manipulate the UI to present fraudulent content that mimics trusted entities, thereby deceiving users into revealing sensitive credentials or executing harmful actions. By creating a false sense of security or urgency, the attacker leverages the user’s trust in the interface design to bypass cognitive safeguards. To prevent this, developers must implement robust input validation and ensure that all UI elements clearly and consistently reflect the true state and source of information. Utilizing standardized security indicators, such as verified domain names in address bars and consistent branding, helps maintain transparency. Additionally, conducting regular usability testing and security audits ensures that the interface remains resilient against deceptive modifications, preserving user trust and system integrity.

MITRE CWE Description
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

If an attacker can cause the UI to display erroneous data, or to otherwise convince the user to display information that appears to come from a trusted source, then the attacker could trick the user into performing the wrong action. This is often a component in phishing attacks, but other kinds of problems exist. For example, if the UI is used to monitor the security state of a system or network, then omitting or obscuring an important indicator could prevent the user from detecting and reacting to a security-critical event.

UI misrepresentation can take many forms:

Incorrect indicator: incorrect information is displayed, which prevents the user from understanding the true state of the product or the environment the product is monitoring, especially of potentially-dangerous conditions or operations. This can be broken down into several different subtypes.

Overlay: an area of the display is intended to give critical information, but another process can modify the display by overlaying another element on top of it. The user is not interacting with the expected portion of the user interface. This is the problem that enables clickjacking attacks, although many other types of attacks exist that involve overlay.

Icon manipulation: the wrong icon, or the wrong color indicator, can b…

Common Consequences (1)
Non-Repudiation, Access Control: Hide Activities, Bypass Protection Mechanism

Mitigations (2)
Implementation: Perform data validation (e.g. syntax, length, etc.) before interpreting the data.
Architecture and Design: Create a strategy for presenting information, and plan for how to display unusual characters.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-35371 | uutils coreutils id Misleading Identity Reporting in Pretty Print Mode — coreutils | 3.3 | Low | 2026-04-22 |
| CVE-2026-33118 | Microsoft Edge (Chromium-based) Spoofing Vulnerability — Microsoft Edge (Chromium-based) | 4.3 | Medium | 2026-04-10 |
| CVE-2026-33119 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability — Microsoft Edge for Android | 5.4 | Medium | 2026-04-10 |
| CVE-2026-32971 | OpenClaw < 2026.3.11 - Node-Host Approval UI Mismatch Allows Execution of Unintended Commands — OpenClaw | 7.1 | High | 2026-03-31 |
| CVE-2026-0385 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability — Microsoft Edge for Android | 5.0 | Medium | 2026-03-13 |
| CVE-2025-68277 | OpenEMR allows links sent via Secure Messaging to be opened in OpenEMR and Portal — openemr | 6.1 | - | 2026-02-25 |
| CVE-2026-1658 | Content spoofing vulnerability discovered in OpenText™ Directory Services — Directory Services | 4.3 (AI) | Medium (AI) | 2026-02-19 |
| CVE-2026-26320 | OpenClaw macOS deep link confirmation truncation can conceal executed agent message — openclaw | 4.3 | - | 2026-02-19 |
| CVE-2026-21527 | Microsoft Exchange Server Spoofing Vulnerability — Microsoft Exchange Server 2016 Cumulative Update 23 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-0391 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability — Microsoft Edge (Chromium-based) | 6.5 | Medium | 2026-02-05 |
| CVE-2026-20732 | BIG-IP Configuration utility vulnerability — BIG-IP | 3.1 | Low | 2026-02-04 |
| CVE-2025-62224 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability — Microsoft Edge for Android | 5.5 | Medium | 2026-01-07 |
| CVE-2025-65046 | Microsoft Edge (Chromium-based) Spoofing Vulnerability — Microsoft Edge for Android | 3.1 | Low | 2025-12-18 |
| CVE-2025-64667 | Microsoft Exchange Server Spoofing Vulnerability — Microsoft Exchange Server 2016 Cumulative Update 23 | 5.3 | Medium | 2025-12-09 |
| CVE-2025-62223 | Microsoft Edge (Chromium-based) for Mac Spoofing Vulnerability — Microsoft Edge (Chromium-based) | 4.3 | Medium | 2025-12-05 |
| CVE-2025-13082 | Drupal core - Moderately critical - Defacement - SA-CORE-2025-007 — Drupal core | 4.3 (AI) | Medium (AI) | 2025-11-18 |
| CVE-2025-9491 | Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability — Windows | 7.8 | - | 2025-08-26 |
| CVE-2025-49755 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability — Microsoft Edge for Android | 4.3 | Medium | 2025-08-12 |
| CVE-2025-43712 | JHipster security vulnerability — JHipster | 2.9 | Low | 2025-07-25 |
| CVE-2025-47963 | Microsoft Edge (Chromium-based) Spoofing Vulnerability — Microsoft Edge (Chromium-based) | 6.3 | Medium | 2025-07-11 |
| CVE-2025-47964 | Microsoft Edge (Chromium-based) Spoofing Vulnerability — Microsoft Edge (Chromium-based) | 5.4 | Medium | 2025-07-11 |
| CVE-2025-7021 | OpenAI Operator - API Spoofing through Locking Operator on FullScreen — Operator | 7.1 (AI) | High (AI) | 2025-07-10 |
| CVE-2024-39730 | IBM Datacap clickjacking — Datacap | 5.4 | Medium | 2025-06-28 |
| CVE-2024-9163 | User Interface (UI) Misrepresentation of Critical Information in GitLab — GitLab | 3.5 | Low | 2025-05-23 |
| CVE-2025-29825 | Microsoft Edge (Chromium-based) Spoofing Vulnerability — Microsoft Edge (Chromium-based) | 6.5 | Medium | 2025-05-02 |
| CVE-2025-46394 | BusyBox security vulnerability — BusyBox | 3.2 | Low | 2025-04-23 |
| CVE-2025-32371 | Unexpected external content may be displayed in DNN ImageHandler — Dnn.Platform | 4.3 | Medium | 2025-04-09 |
| CVE-2025-29796 | Microsoft Edge for iOS Spoofing Vulnerability — Microsoft Edge for iOS | 4.7 | Medium | 2025-04-04 |
| CVE-2025-1922 | Google Chrome security vulnerability — Chrome | 4.3 | - | 2025-03-05 |
| CVE-2025-21259 | Microsoft Outlook Spoofing Vulnerability — Microsoft Outlook for Android | 5.3 | Medium | 2025-02-11 |

Vulnerabilities classified as CWE-451 (User Interface (UI) Misrepresentation of Critical Information) represent 72 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.