CVEs classified under CWE-357, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2025-33054 — CVSS 8.1 (high): Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-49587 — CVSS 8.0 (high): XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.Notific…
CVE-2025-49585 — CVSS 8.0 (high): XWiki is a generic wiki platform. In versions before 15.10.16, 16.0.0-rc-1 through 16.4.6, and 16.5.0-rc-1 through 16.10.1, when an…
CVE-2025-49582 — CVSS 8.0 (high): XWiki is a generic wiki platform. When editing content that contains "dangerous" macros like malicious script macros that were authored by…
CVE-2019-13521 — CVSS 7.8 (high): A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and…
CVE-2026-26151 — CVSS 7.1 (high): Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a…
CVE-2022-41904 — CVSS 6.4 (medium): Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm…
CVE-2025-47967 — CVSS 4.7 (medium): Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a…
CVE-2026-58597 — CVSS 4.3 (medium): Insufficient ui warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over…