Total
156 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-2634 | 1 Mozilla | 1 Firefox | 2026-02-27 | N/A | 9.8 CRITICAL |
|
Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability affects Firefox for iOS < 147.4.
|
|||||
| CVE-2026-1658 | 1 Opentext | 1 Directory Services | 2026-02-26 | N/A | 5.3 MEDIUM |
|
User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning.
The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users.
This issue affects Directory Services: from 20.4.1 through 25.2.
|
|||||
| CVE-2025-68277 | 1 Open-emr | 1 Openemr | 2026-02-25 | N/A | 5.0 MEDIUM |
|
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, when a link is sent via Secure Messaging, clicking the link opens the website within the OpenEMR/Portal site. This behavior could be exploited for phishing. Version 7.0.4 patches the issue.
|
|||||
| CVE-2026-26320 | 2 Apple, Openclaw | 2 Macos, Openclaw | 2026-02-20 | N/A | 6.5 MEDIUM |
|
OpenClaw is a personal AI assistant. OpenClaw macOS desktop client registers the `openclaw://` URL scheme. For `openclaw://agent` deep links without an unattended `key`, the app shows a confirmation dialog that previously displayed only the first 240 characters of the message, but executed the full message after the user clicked "Run." At the time of writing, the OpenClaw macOS desktop client is still in beta. In versions 2026.2.6 through 2026.2.13, an attacker could pad the message with whitesp ...
Show More |
|||||
| CVE-2025-65046 | 1 Microsoft | 1 Edge Chromium | 2026-02-20 | N/A | 3.1 LOW |
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
|||||
| CVE-2026-2032 | 1 Mozilla | 1 Firefox | 2026-02-18 | N/A | 4.3 MEDIUM |
|
Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability affects Firefox for iOS < 147.2.1.
|
|||||
| CVE-2026-0391 | 1 Microsoft | 1 Edge Chromium | 2026-02-18 | N/A | 6.5 MEDIUM |
|
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
|
|||||
| CVE-2026-20732 | 1 F5 | 21 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 18 more | 2026-02-13 | N/A | 3.1 LOW |
|
A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
|
|||||
| CVE-2025-47964 | 1 Microsoft | 1 Edge Chromium | 2026-02-13 | N/A | 5.4 MEDIUM |
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
|||||
| CVE-2025-47963 | 1 Microsoft | 1 Edge Chromium | 2026-02-13 | N/A | 6.3 MEDIUM |
|
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
|
|||||
| CVE-2026-2318 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-13 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2026-2316 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-13 | N/A | 6.5 MEDIUM |
|
Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2026-2320 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-13 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2026-2322 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-13 | N/A | 5.4 MEDIUM |
|
Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2026-2323 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-13 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2026-21527 | 1 Microsoft | 1 Exchange Server | 2026-02-11 | N/A | 6.5 MEDIUM |
|
User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
|
|||||
| CVE-2025-62224 | 1 Microsoft | 1 Edge | 2026-02-02 | N/A | 5.5 MEDIUM |
|
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network.
|
|||||
| CVE-2026-0901 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-01-30 | N/A | 5.4 MEDIUM |
|
Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2026-0907 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-01-29 | N/A | 9.8 CRITICAL |
|
Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2026-0906 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-01-29 | N/A | 9.8 CRITICAL |
|
Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2026-0904 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-01-29 | N/A | 5.4 MEDIUM |
|
Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-14023 | 1 Linecorp | 1 Line | 2026-01-07 | N/A | 3.1 LOW |
|
LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the navigation state and the in-app browser's user interface, which could create confusion about the trust context of displayed pages or interactive elements under specific conditions.
|
|||||
| CVE-2025-14744 | 1 Mozilla | 1 Firefox | 2026-01-06 | N/A | 6.5 MEDIUM |
|
Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability affects Firefox for iOS < 144.0.
|
|||||
| CVE-2025-64667 | 1 Microsoft | 1 Exchange Server | 2026-01-02 | N/A | 5.3 MEDIUM |
|
User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
|
|||||
| CVE-2025-14019 | 1 Linecorp | 1 Line | 2025-12-19 | N/A | 3.4 LOW |
|
LINE client for Android versions from 13.8 to 15.5 is vulnerable to UI spoofing in the in-app browser where a specific layout could obscure the full-screen warning prompt, potentially allowing attackers to conduct phishing attacks.
|
|||||
| CVE-2025-14020 | 1 Linecorp | 1 Line | 2025-12-18 | N/A | 5.4 MEDIUM |
|
LINE client for Android versions prior to 14.20 contains a UI spoofing vulnerability in the in-app browser where the full-screen security Toast notification is not properly re-displayed when users return from another application, potentially allowing attackers to conduct phishing attacks by impersonating legitimate interfaces.
|
|||||
| CVE-2025-14021 | 1 Linecorp | 1 Line | 2025-12-18 | N/A | 4.3 MEDIUM |
|
The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content.
|
|||||
| CVE-2025-46287 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 6.5 MEDIUM |
|
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2. An attacker may be able to spoof their FaceTime caller ID.
|
|||||
| CVE-2025-62223 | 1 Microsoft | 1 Edge Chromium | 2025-12-10 | N/A | 4.3 MEDIUM |
|
User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.
|
|||||
| CVE-2025-31266 | 1 Apple | 2 Macos, Safari | 2025-11-26 | N/A | 4.3 MEDIUM |
|
A spoofing issue was addressed with improved truncation when displaying the fully qualified domain name This issue is fixed in Safari 18.5, macOS Sequoia 15.5. A website may be able to spoof the domain name in the title of a pop-up window.
|
|||||
| CVE-2025-12728 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2025-11-25 | N/A | 4.2 MEDIUM |
|
Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-13082 | 1 Drupal | 1 Drupal | 2025-11-24 | N/A | 4.3 MEDIUM |
|
User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
|
|||||
| CVE-2025-12911 | 1 Google | 1 Chrome | 2025-11-21 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2024-11919 | 1 Google | 2 Android, Chrome | 2025-11-17 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Intents in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2024-13178 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-11-17 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-7021 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-11-17 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Autofill in Google Chrome on Windows prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-13102 | 1 Google | 2 Android, Chrome | 2025-11-17 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2025-13107 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-11-17 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Compositing in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2025-12729 | 1 Google | 2 Android, Chrome | 2025-11-14 | N/A | 4.2 MEDIUM |
|
Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-11208 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-11-13 | N/A | 6.3 MEDIUM |
|
Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||