CWE-449— The UI Performs the Wrong Action
The UI performs the wrong action with respect to the user's request.— MITRE CWE catalog
14 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-449page 1 of 1
- CVE-2023-36535HIGHCVSS 7.1EG 7.12023-08-08
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.
- CVE-2023-39209MEDIUMCVSS 5.9EG 5.92023-08-08
Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access.
- CVE-2023-39215HIGHCVSS 7.1EG 7.12023-09-12
Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access.
- CVE-2023-43585MEDIUMCVSS 6.5EG 7.12023-12-13
Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access.
- CVE-2023-43588MEDIUMCVSS 6.5EG 3.52023-11-15
Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.
- CVE-2024-24698MEDIUMCVSS 4.9EG 4.92024-02-14
Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.
- CVE-2024-38083MEDIUMCVSS 4.3EG 4.32024-06-13
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- CVE-2024-43577MEDIUMCVSS 4.3EG 4.32024-10-18
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- CVE-2024-49041MEDIUMCVSS 4.3EG 4.32024-12-06
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- CVE-2025-13637MEDIUMCVSS 4.3EG 5.32025-12-02
Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass download protections via a crafted HTML page. (Chromium security s…
- CVE-2025-21404MEDIUMCVSS 4.3EG 4.32025-02-06
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- CVE-2025-26643MEDIUMCVSS 5.4EG 5.42025-03-07
The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-49736MEDIUMCVSS 4.3EG 4.32025-08-12
The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-56139MEDIUMCVSS 5.3EG 5.32025-09-03
LinkedIn Mobile Application for Android version 4.1.1087.2 fails to update link preview metadata (image, title, description) when a user replaces the original URL in a post or comment before publishing. As a result, the stale preview remai…
Map vulnerabilities like CWE-449 to your infrastructure
EchelonGraph correlates every CVE — across CWE-449 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →