CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Jan 2025 — On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferred in some cases. When combined with an open redirector vulnerability on a trusted site, this could allow a malicious site to initiate a download whose origin in the file select dialog appears as the trusted site which initiated the redirect. • https://hackerone.com/reports/2888770 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Sep 2024 — In Brave Android prior to v1.67.116, domains in the Brave Shields popup are elided from the right instead of the left, which may lead to domain confusion. • https://hackerone.com/reports/2501378 • CWE-20: Improper Input Validation •

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 Dec 2023 — Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc. • https://github.com/brave/brave-browser/issues/32449 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Jun 2023 — An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL. • https://hackerone.com/reports/1946534 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Jul 2021 — Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled. • https://hackerone.com/reports/1077022 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5 • EPSS: 32% • CPEs: 1 • EXPL: 2

04 Apr 2018 — Brave Browser before 0.13.0 allows a tab to close itself even if the tab was not opened by a script, resulting in denial of service. Brave Browser versions prior to 0.13.0 suffer from a window.close(self) denial of service vulnerability. • https://packetstorm.news/files/id/147188 • CWE-20: Improper Input Validation •

CVSS: 6.5 • EPSS: 7% • CPEs: 1 • EXPL: 3

04 Apr 2018 — Brave Browser before 0.13.0 allows remote attackers to cause a denial of service (resource consumption) via a long alert() argument in JavaScript code, because window dialogs are mishandled. Brave Browser versions prior to 0.13.0 suffer from a lon... • https://packetstorm.news/files/id/147187 •

CVSS: 4.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Jan 2018 — Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block). • https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 4.7 • EPSS: 1% • CPEs: 2 • EXPL: 2

28 Mar 2017 — Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names. • http://www.securityfocus.com/bid/97155 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-451: User Interface (UI) Misrepresentation of Critical Information •