Brave Software - HackerOne Reports
Total Reports: 115
Critical: 8
High: 28
Medium: 33
Low: 37
Local files reading from the web using `brave://`
Reported by:
metnew
|
Disclosed:
Critical
Navigation to protocol handler URL from the opened page displayed as a request from this page.
Reported by:
metnew
|
Disclosed:
Medium
Lack of quarantine meta-attribute for downloaded files leads to GateKeeper bypass
Reported by:
metnew
|
Disclosed:
Low
Weakness: Violation of Secure Design Principles
`alert()` dialogs on `chrome-extension://` origin (internal pages)
Reported by:
metnew
|
Disclosed:
Low
Navigation to `chrome-extension://` origin (internal pages) from the web
Reported by:
metnew
|
Disclosed:
Low
[Brave browser] WebTorrent has DNS rebinding vulnerability
Reported by:
newfunction
|
Disclosed:
Low
Weakness: Information Disclosure
Download attribute allows downloading local files
Reported by:
skansing
|
Disclosed:
Low
Bounty: $100.00
application/x-brave-tab should not be readable.
Reported by:
qab
|
Disclosed:
High
Weakness: Privacy Violation
Bounty: $250.00
Link obfuscation bug
Reported by:
l000g1c
|
Disclosed:
Low
Weakness: Cryptographic Issues - Generic
Universal XSS through FIDO U2F register from subframe
Reported by:
nishimunea
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Generic
Bounty: $1000.00
https://publishers.basicattentiontoken.org/favicon.ico is Vulnerable to CVE-2017-7529
Reported by:
lalit2020
|
Disclosed:
Medium
Weakness: Array Index Underflow
CVEs:
CVE-2017-7529
Open redirect due to scanning QR code via brave browser
Reported by:
roland_hack
|
Disclosed:
High
Weakness: Open Redirect
Browser is not following proper flow for redirection cause open redirect
Reported by:
kalkii
|
Disclosed:
High
Bounty: $500.00
download file type warning on Windows does not appear if "ask where to save file before downloading" setting is enabled
Reported by:
ameenbasha
|
Disclosed:
High
Bounty: $500.00
Navigation to restricted origins via "Open in new tab"
Reported by:
metnew
|
Disclosed:
Medium
URL spoofing in Brave for macOS
Reported by:
metnew
|
Disclosed:
Medium
Brave payments remembers history even after clearing all browser data.
Reported by:
sumit
|
Disclosed:
Low
Weakness: Information Disclosure
Local files reading from the "file://" origin through `brave://`
Reported by:
metnew
|
Disclosed:
High
DoS in Brave browser for iOS
Reported by:
metnew
|
Disclosed:
Low
Weakness: Uncontrolled Resource Consumption
No user confirmation when an auto-updated extension gets more permissions
Reported by:
i1iii11iiiii111iii1
|
Disclosed:
Low
Weakness: Violation of Secure Design Principles