Weaknesses of type CWE-451
231 resultsCVE-2026-11001MEDIUMInappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage inEPSS 0.2%CVE-2024-55896MEDIUMIBM PowerHA SystemMirror for i clickjackingEPSS 0.2%CVE-2026-2320MEDIUMInappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage EPSS 0.2%CVE-2025-8583MEDIUMInappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a cEPSS 0.2%CVE-2025-8364MEDIUMAddress bar spoofing using an blob URI on Firefox for AndroidEPSS 0.2%CVE-2026-5891MEDIUMInsufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the rendEPSS 0.2%CVE-2024-52277HIGHPDF Document Spoofing in DocuSealEPSS 0.2%CVE-2024-52271HIGHPDF Document Spoofing in DocumensoEPSS 0.2%CVE-2026-3889MEDIUMSpoofing issue in ThunderbirdEPSS 0.2%CVE-2024-6429MEDIUMContent Spoofing in Multiple WSO2 Products via Error Message InjectionEPSS 0.2%CVE-2026-9078MEDIUMFirefox iOS RTL Domain Rendering Issue in Link PreviewEPSS 0.2%CVE-2024-39730MEDIUMIBM Datacap clickjackingEPSS 0.2%CVE-2025-9186MEDIUMSpoofing issue in the Address Bar component of Firefox Focus for AndroidEPSS 0.2%CVE-2024-54558LOWA clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15EPSS 0.2%CVE-2025-13082MEDIUMDrupal core - Moderately critical - Defacement - SA-CORE-2025-007EPSS 0.2%CVE-2025-31266MEDIUMA spoofing issue was addressed with improved truncation when displaying the fully qualified domain name. This issue is fixed in Safari 18.5,EPSS 0.2%CVE-2025-11213MEDIUMInappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user toEPSS 0.2%CVE-2025-11718MEDIUMAddress bar could be spoofed on Android using visibilitychangeEPSS 0.2%CVE-2025-11208MEDIUMInappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in spEPSS 0.2%CVE-2026-5880MEDIUMInsufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the rendEPSS 0.2%