Brave Software - HackerOne Reports
Total Reports: 115
Critical: 8
High: 28
Medium: 33
Low: 37
chrome://brave navigation from web
Reported by: qab | Disclosed:
Critical
Weakness: Code Injection
Bounty: $650.00
chrome://brave can still be navigated to, leading to RCE
Reported by: qab | Disclosed:
High
Weakness: Code Injection
Bounty: $300.00
Brave Browser unexpectedly allows to send arbitrary IPC messages
Reported by: masatokinugawa | Disclosed:
Critical
Weakness: Command Injection - Generic
Bounty: $300.00
DMARC RECORD MISSING
Reported by: hackthedevil | Disclosed:
Low
Directory Listing on https://promo-services-staging.brave.com
Reported by: testingforbugs | Disclosed:
Weakness: Information Disclosure
Security token and handler name leak from window.braveBlockRequests
Reported by: nishimunea | Disclosed:
High
Weakness: Information Disclosure
Bounty: $700.00
Persistent user tracking is possible using window.caches, by avoiding Brave Shields
Reported by: nishimunea | Disclosed:
Medium
Weakness: Privacy Violation
Bounty: $400.00
XSS on Brave Today through custom RSS feed
Reported by: nishimunea | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - DOM
Bounty: $500.00
links the user may download can be a malicious files
Reported by: seifelsallamy | Disclosed:
High
Weakness: Code Injection
Denial of service attack(window object) on brave browser
Reported by: sahiltikoo | Disclosed:
Medium
Weakness: Uncontrolled Resource Consumption
[Android] HTML Injection in BatterySaveArticleRenderer WebView
Reported by: bobrov | Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Generic
Bounty: $150.00
[ios] Address bar spoofing in Brave for iOS
Reported by: ibram | Disclosed:
Low
Javascript confirm() crashes Brave on PC
Reported by: jackb898 | Disclosed:
Medium
Cross-origin resource sharing misconfiguration (CORS)
Reported by: drwx | Disclosed:
Weakness: Improper Access Control - Generic
Brave Browser potentially logs the last time a Tor window was used
Reported by: sickcodes | Disclosed:
Low
Weakness: Cleartext Storage of Sensitive Information
Bounty: $100.00
2 Directory Listing on ledger.brave.com & vault-staging.brave.com
Reported by: bibo | Disclosed:
Low
Weakness: Information Disclosure
unclaimed s3 bucket takeover in the 3 js file located on the github page of brave software
Reported by: gaurav-bhatia | Disclosed:
Low
Weakness: Business Logic Errors
Bounty: $50.00
URL Spoof / Brave Shield Bypass
Reported by: mattaustin | Disclosed:
High
Weakness: Use of Inherently Dangerous Function
Bounty: $200.00
No user confirmation when an auto-updated extension gets more permissions
Reported by: i1iii11iiiii111iii1 | Disclosed:
Low
Weakness: Violation of Secure Design Principles