CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-10254
https://notcve.org/view.php?id=CVE-2024-10254
14 Jan 2025 — A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. • https://iknow.lenovo.com.cn/detail/425367 • CWE-122: Heap-based Buffer Overflow •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-10253
https://notcve.org/view.php?id=CVE-2024-10253
14 Jan 2025 — A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. • https://iknow.lenovo.com.cn/detail/425367 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.4EPSS: 4%CPEs: 1EXPL: 1CVE-2024-6473 – DLL Hijacking in Yandex Browser
https://notcve.org/view.php?id=CVE-2024-6473
03 Sep 2024 — Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used. • https://github.com/12345qwert123456/CVE-2024-6473-PoC • CWE-426: Untrusted Search Path •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52263
https://notcve.org/view.php?id=CVE-2023-52263
30 Dec 2023 — Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc. Brave Browser anterior a 1.59.40 no restringe adecuadamente el esquema para la fábrica WebUI y la redirección. Esto está relacionado con browser/brave_content_browser_client.cc y browser/ui/webui/brave_web_ui_controller_factory.cc. • https://github.com/brave/brave-browser/issues/32449 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-28364
https://notcve.org/view.php?id=CVE-2023-28364
30 Jun 2023 — An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL. • https://hackerone.com/reports/1946534 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 4CVE-2017-18016 – Parity Browser < 1.6.10 - Bypass Same Origin Policy
https://notcve.org/view.php?id=CVE-2017-18016
11 Jan 2018 — Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin). Parity Browser 1.6.10 y anteriores permite que atacantes remotos omitan la política del mismo origen y obtengan información sensible mediante peticiones a otros sitios por medio del motor web proxy de Parity (reutilizando el token de la página web actual,... • https://packetstorm.news/files/id/145817 • CWE-346: Origin Validation Error •
CVSS: 4.7EPSS: 1%CPEs: 2EXPL: 2CVE-2016-9473
https://notcve.org/view.php?id=CVE-2016-9473
28 Mar 2017 — Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names. Brave Browser iOS en versiones anteriores a 1.2.18 y Brave Browser Android 1.9.56 y en versiones anteriores sufren de suplantación de barra de dirección completa, lo que permite a los atacantes engañar a una víctima mediante la visualización de una página maliciosa para nombres de dominio legítimos... • http://www.securityfocus.com/bid/97155 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-5306
https://notcve.org/view.php?id=CVE-2013-5306
16 Aug 2013 — SQL injection vulnerability in the Browser - TYPO3 without PHP (browser) extension before 4.5.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la extensión Browser - TYPO3 sin PHP (browser) anterior a v4.5.5 para TYPO3 permite a atacantes remotos ejecutar comandos SQL arbitrarios mediante vectores desconocidos. • http://osvdb.org/95963 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •