Skip to main content

Brave

17 CVEs product

Monthly

CVE-2024-43337 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Brave Brave Popup Builder.7.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Brave
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-51534 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brave Brave - Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Brave
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2023-28360 MEDIUM This Month

An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Brave
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-47934 MEDIUM POC PATCH This Month

Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Denial Of Service Brave
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-47933 MEDIUM POC PATCH This Month

Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Brave
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-47932 MEDIUM POC PATCH This Month

Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Brave
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-30334 MEDIUM POC This Month

Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Brave
NVD GitHub
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-45884 HIGH POC PATCH This Week

In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Brave
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-22929 MEDIUM POC This Month

An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brave
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-22916 MEDIUM This Month

In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Brave
NVD
CVSS 3.1
5.9
EPSS
1.8%
CVE-2021-21323 MEDIUM PATCH This Month

Brave is an open source web browser with a focus on privacy and security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Brave
NVD GitHub
CVSS 3.1
5.3
EPSS
1.9%
CVE-2020-8276 MEDIUM POC This Month

The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Brave
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2018-1000815 MEDIUM PATCH This Month

Brave Software Inc. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Brave
NVD GitHub
CVSS 3.0
4.3
EPSS
1.1%
CVE-2018-10799 MEDIUM POC This Month

A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brave
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-10798 MEDIUM POC This Month

A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brave
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2017-8459 MEDIUM POC This Month

Brave 0.12.4 has a Status Bar Obfuscation issue in which a redirection target is shown in a possibly unexpected way. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brave
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2017-8458 MEDIUM POC PATCH This Month

Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com@unsafe.example.com/ is displayed without a clear UI indication that it is not a resource on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Brave
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Brave Brave Popup Builder.7.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Brave
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brave Brave - Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Brave
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Brave
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Denial Of Service Brave
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Brave
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Brave
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM POC This Month

Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Brave
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Brave
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brave
NVD
EPSS 2% CVSS 5.9
MEDIUM This Month

In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Brave
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Brave is an open source web browser with a focus on privacy and security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Brave
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Brave
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Brave Software Inc. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Brave
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brave
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brave
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

Brave 0.12.4 has a Status Bar Obfuscation issue in which a redirection target is shown in a possibly unexpected way. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brave
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com@unsafe.example.com/ is displayed without a clear UI indication that it is not a resource on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Brave
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy