Brave Software - HackerOne Reports
View on HackerOne
Total Reports: 115
Critical: 8 | High: 28 | Medium: 33 | Low: 37
invalid homepage URL causes 'uncaught typeerror' or blank state
Reported by: tsug0d | Disclosed: | Severity: Low | Weakness: Violation of Secure Design Principles
Clickjacking or URL Masking
Reported by: dhiraj-mishra | Disclosed: | Severity: Medium | Weakness: Improper Authentication - Generic
Brave allows flash to follow 307 redirects to other origins with arbitrary content-types
Reported by: tvgfvghjbhunj | Disclosed: | Severity: Medium | Weakness: Violation of Secure Design Principles
Username Information Disclosure via Json response - Using parameter number Intruder
Reported by: 0xrobot | Disclosed: | Severity: Low | Weakness: Information Disclosure
Brave Browser Tor Window leaks user's real IP to the external DNS server
Reported by: newfunction | Disclosed: | Severity: High | Weakness: Information Disclosure
`settingcontent-ms` files lack "mark of the web" => execute code by dbl click in Downloads toolbar
Reported by: metnew | Disclosed: | Severity: Low
URL spoofing using protocol handlers
Reported by: metnew | Disclosed: | Severity: Medium
S3 Bucket Takeover : brave-apt
Reported by: j3rry-1729 | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic
Information disclosure of website
Reported by: 1_1_1 | Disclosed: | Severity: High | Weakness: Information Disclosure
Denial of service (POP UP Recursion) on Brave browser
Reported by: sahiltikoo | Disclosed: | Severity: Medium | Weakness: Uncontrolled Resource Consumption
Brave News feeds can open arbitrary chrome: URLs
Reported by: nishimunea | Disclosed: | Severity: High | Weakness: Privilege Escalation | Bounty: $600.00
Brave Shield for iOS is weak against IDN homograph attacks
Reported by: nishimunea | Disclosed: | Severity: Low | Weakness: Phishing | Bounty: $150.00
UI spoofing by showing sms:/tel: dialog on another website
Reported by: nishimunea | Disclosed: | Severity: Low | Weakness: Phishing | Bounty: $100.00
Download of (later executed) .NET installer over insecure channel
Reported by: skanthak | Disclosed: | Severity: Low | Weakness: Man-in-the-Middle
Arbitrary local code execution via DLL hijacking from executable installer
Reported by: skanthak | Disclosed: | Severity: Medium | Weakness: Violation of Secure Design Principles
[DOS] denial of service using code snippet on brave browser
Reported by: tikoo_sahil | Disclosed: | Severity: Low | Weakness: Uncontrolled Resource Consumption | Bounty: $25.00
Remote Stack Overflow Vulnerability (DoS)
Reported by: kjashwanth13 | Disclosed: | Weakness: Uncontrolled Resource Consumption
Arbitrary file download due to bad handling of Redirects in WebTorrent
Reported by: d3f4u17 | Disclosed: | Severity: Medium | Weakness: Code Injection
Local files reading using `link[rel="import"]`
Reported by: metnew | Disclosed: | Severity: High
Cross-origin page stays focused before/after downloading + uninformative modal window for download
Reported by: metnew | Disclosed: | Severity: Low