CWE-449
The UI Performs the Wrong Action
Common consequences (1)
- Other: Quality Degradation, Varies by Context
Relationships (1)
- ChildOf CWE-446
CVEs referencing this CWE (14)
| CVE | Description | Severity | EPSS | Flags | Modified |
|---|---|---|---|---|---|
| CVE-2024-49041 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | MEDIUM 4.3 | 1.05% p60 | | 2026-06-09 |
| CVE-2023-36535 | Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access. | MEDIUM 6.5 | 1.03% p59 | | 2024-11-21 |
| CVE-2025-21404 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | MEDIUM 4.3 | 0.94% p56 | | 2026-02-13 |
| CVE-2023-39215 | Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access. | MEDIUM 6.5 | 0.92% p56 | | 2024-11-21 |
| CVE-2023-39209 | Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access. | MEDIUM 6.5 | 0.80% p52 | | 2024-11-21 |
| CVE-2025-26643 | The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | MEDIUM 5.4 | 0.66% p47 | | 2026-02-13 |
| CVE-2023-43588 | Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access. | MEDIUM 6.5 | 0.65% p46 | | 2024-11-21 |
| CVE-2023-43585 | Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access. | MEDIUM 6.5 | 0.60% p44 | | 2024-11-21 |
| CVE-2024-24698 | Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access. | MEDIUM 4.4 | 0.53% p41 | | 2024-11-21 |
| CVE-2024-38083 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | MEDIUM 4.3 | 0.49% p38 | | 2025-12-17 |
| CVE-2024-43577 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | MEDIUM 4.3 | 0.47% p37 | | 2026-06-09 |
| CVE-2025-49736 | The UI performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | MEDIUM 4.3 | 0.46% p36 | | 2026-02-13 |
| CVE-2025-56139 | LinkedIn Mobile Application for Android version 4.1.1087.2 fails to update link preview metadata (image, title, description) when a user replaces the original URL in a post or comment before publishing. As a result, the stale preview remains visible while the clickable link points to a different URL, which can be malicious. This UI misrepresentation enables attackers to deceive users by displaying trusted previews for harmful links, facilitating phishing attacks and user confusion. | MEDIUM 5.3 | 0.31% p22 | | 2025-09-08 |
| CVE-2025-13637 | Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass download protections via a crafted HTML page. (Chromium security severity: Low) | MEDIUM 4.3 | 0.17% p7 | | 2025-12-04 |