Total
124 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-0907 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-01-29 | N/A | 9.8 CRITICAL |
| Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2026-0906 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-01-29 | N/A | 9.8 CRITICAL |
| Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2026-0904 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-01-29 | N/A | 5.4 MEDIUM |
| Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2026-0901 | 2026-01-26 | N/A | 5.4 MEDIUM | ||
| Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-62224 | 2026-01-08 | N/A | 5.5 MEDIUM | ||
| User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network. | |||||
| CVE-2025-14023 | 1 Linecorp | 1 Line | 2026-01-07 | N/A | 3.1 LOW |
| LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the navigation state and the in-app browser's user interface, which could create confusion about the trust context of displayed pages or interactive elements under specific conditions. | |||||
| CVE-2025-14744 | 1 Mozilla | 1 Firefox | 2026-01-06 | N/A | 6.5 MEDIUM |
| Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability affects Firefox for iOS < 144.0. | |||||
| CVE-2025-64667 | 1 Microsoft | 1 Exchange Server | 2026-01-02 | N/A | 5.3 MEDIUM |
| User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-14019 | 1 Linecorp | 1 Line | 2025-12-19 | N/A | 3.4 LOW |
| LINE client for Android versions from 13.8 to 15.5 is vulnerable to UI spoofing in the in-app browser where a specific layout could obscure the full-screen warning prompt, potentially allowing attackers to conduct phishing attacks. | |||||
| CVE-2025-14020 | 1 Linecorp | 1 Line | 2025-12-18 | N/A | 5.4 MEDIUM |
| LINE client for Android versions prior to 14.20 contains a UI spoofing vulnerability in the in-app browser where the full-screen security Toast notification is not properly re-displayed when users return from another application, potentially allowing attackers to conduct phishing attacks by impersonating legitimate interfaces. | |||||
| CVE-2025-14021 | 1 Linecorp | 1 Line | 2025-12-18 | N/A | 4.3 MEDIUM |
| The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content. | |||||
| CVE-2025-46287 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 6.5 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2. An attacker may be able to spoof their FaceTime caller ID. | |||||
| CVE-2025-62223 | 1 Microsoft | 1 Edge Chromium | 2025-12-10 | N/A | 4.3 MEDIUM |
| User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-31266 | 1 Apple | 2 Macos, Safari | 2025-11-26 | N/A | 4.3 MEDIUM |
| A spoofing issue was addressed with improved truncation when displaying the fully qualified domain name This issue is fixed in Safari 18.5, macOS Sequoia 15.5. A website may be able to spoof the domain name in the title of a pop-up window. | |||||
| CVE-2025-12728 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2025-11-25 | N/A | 4.2 MEDIUM |
| Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-13082 | 1 Drupal | 1 Drupal | 2025-11-24 | N/A | 4.3 MEDIUM |
| User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8. | |||||
| CVE-2025-12911 | 1 Google | 1 Chrome | 2025-11-21 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2024-11919 | 1 Google | 2 Android, Chrome | 2025-11-17 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Intents in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2024-13178 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-11-17 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-7021 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-11-17 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Autofill in Google Chrome on Windows prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||