Brave Software - HackerOne Reports
Total Reports: 115
Critical: 8
High: 28
Medium: 33
Low: 37
HTML injection in title of reader view
Reported by: nishimunea | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - DOM | Bounty: $300.00
homograph-attack (unicode vuln)
Reported by: wala3at | Disclosed:
Sending arbitrary IPC messages via overriding Array.prototype.push
Reported by: masatokinugawa | Disclosed: | Severity: Critical | Weakness: Command Injection - Generic
Sending arbitrary IPC messages via overriding Function.prototype.apply
Reported by: masatokinugawa | Disclosed: | Severity: Critical | Weakness: Command Injection - Generic | Bounty: $5300.00
Command Execution because of extension handling
Reported by: paulos__ | Disclosed: | Severity: High | Weakness: Command Injection - Generic
[iOS/Android] Address Bar Spoofing Vulnerability
Reported by: aaditya_purani | Disclosed: | Weakness: Violation of Secure Design Principles | Bounty: $200.00
Address Bar Spoofing - Already resolved - Retroactive report
Reported by: jimeno | Disclosed: | Severity: Low | Weakness: Open Redirect
URI Obfuscation
Reported by: ajdumanhug | Disclosed: | Severity: Medium | Weakness: HTTP Response Splitting
Subdomain Takeover of Brave.com
Reported by: sahiltikoo | Disclosed: | Weakness: Improper Authentication - Generic
Brave: Admin Panel Access
Reported by: ranjith16 | Disclosed: | Severity: Medium | Weakness: Violation of Secure Design Principles
Status Bar Obfuscation
Reported by: ajdumanhug | Disclosed: | Severity: Low | Weakness: Cryptographic Issues - Generic
Access to local file system using javascript
Reported by: karel_origin | Disclosed: | Severity: Medium | Bounty: $100.00
[website] Script injection in newsletter signup https://brave.com/brave_youth_program_signup.html
Reported by: cmd-0_0 | Disclosed: | Severity: Medium | Weakness: Command Injection - Generic
Brave Browser permanently timestamps & logs connection times for all v2 domains ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log
Reported by: sickcodes | Disclosed: | Severity: Medium | Weakness: Cleartext Storage of Sensitive Information | Bounty: $400.00
There is vulnebility Click Here TO fix
Reported by: sonicnik | Disclosed: | Severity: Medium | Weakness: Improper Restriction of Authentication Attempts
Field Day With Protocol Handlers
Reported by: dudetechitout | Disclosed: | Severity: Medium | Bounty: $150.00
No rate limiting for confirmation email lead to email flooding and leads to enumeration of emails in publishers.basicattentiontoken.org
Reported by: root_geek280 | Disclosed: | Severity: Low | Weakness: Violation of Secure Design Principles
Incorrect security UI of files' download source on brave MacOS
Reported by: syarif07 | Disclosed: | Severity: High | Weakness: User Interface (UI) Misrepresentation of Critical Information
Phishing/Malware site blocking on Brave iOS can be bypassed with trailing dot in hostname
Reported by: nishimunea | Disclosed: | Severity: Medium | Weakness: Violation of Secure Design Principles | Bounty: $250.00
Torrent Viewer extension web service available on all interfaces
Reported by: spipm | Disclosed: | Severity: Medium | Weakness: Information Disclosure | Bounty: $200.00