Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
brave vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-10799
A hang issue exists in Brave prior to 0.14.0 (on, for example, Linux). This vulnerability is caused by the mishandling of a long URL formed by window.location+='?\u202a\uFEFF\u202b'; concatenation in a SCRIPT element.
Brave Brave
4.3
CVSSv3
CVE-2023-28360
An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the user.
Brave Brave
4.3
CVSSv3
CVE-2018-1000815
Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains a Other/Unknown vulnerability in function ContentSettingsObserver::AllowScript() in content_settings_observer.cc that can result in Websites can run inline JavaScript even if script is blocked, making attackers...
Brave Brave
6.5
CVSSv3
CVE-2017-8458
Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com@unsafe.example.com/ is displayed without a clear UI indication that it is not a resource on the safe.example.com web site.
Brave Brave 0.12.4
6.5
CVSSv3
CVE-2017-8459
Brave 0.12.4 has a Status Bar Obfuscation issue in which a redirection target is shown in a possibly unexpected way. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) the display of web-search results
Brave Brave 0.12.4
7.5
CVSSv3
CVE-2016-10718
Brave Browser prior to 0.13.0 allows a tab to close itself even if the tab was not opened by a script, resulting in denial of service.
Brave Brave Browser
1 EDB exploit
6.5
CVSSv3
CVE-2017-18256
Brave Browser prior to 0.13.0 allows remote malicious users to cause a denial of service (resource consumption) via a long alert() argument in JavaScript code, because window dialogs are mishandled.
Brave Brave Browser
1 EDB exploit
4.8
CVSSv3
CVE-2023-51534
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brave Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content allows Stored XSS.This issue affects Brave – Create P...
Getbrave Brave
4.7
CVSSv3
CVE-2016-9473
Brave Browser iOS prior to 1.2.18 and Brave Browser Android 1.9.56 and previous versions suffer from Full Address Bar Spoofing, allowing malicious users to trick a victim by displaying a malicious page for legitimate domain names.
Brave Browser
6.1
CVSSv3
CVE-2023-52263
Brave Browser prior to 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc.
Brave Browser
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »