CVEs by Roland Hack


CVE-2023-28364: Open Redirect in Brave Browser (Android & iOS)
Published: March 2023
Versions of Brave Browser for Android and iOS prior to version 1.52.117 contained an open redirect vulnerability in the built-in QR scanner. When a user scanned a malicious QR code, the browser would automatically navigate to the scanned URL without displaying or confirming it. This allowed attackers to craft malicious links that led to phishing sites or allowed unauthorized file downloads.
Impact:
- Phishing or malicious redirects
- Unauthorized file downloads
View on NVD

CVE-2024-29151: Dependency Confusion in Rocket.Chat.Audit
Published: January 2024
A dependency confusion vulnerability was discovered in Rocket.Chat.Audit v0.2.0. The requirements.txt file specifies a Python module named filecachetools, which is not available on PyPI (the official Python package repository). Because the name is unclaimed, an attacker can upload a malicious package with the same name, potentially leading to remote code execution (RCE) or data compromise during installation.
Impact:
- Remote Code Execution (RCE)
View on NVD
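
A pre-install check for the condition described above, added here as an example and not taken from this page or from the Rocket.Chat.Audit project: it parses a requirements file and reports names that are not registered on the package index. The sample file, the REGISTERED set and all function names are assumptions made for illustration; only filecachetools comes from the advisory.

```python
import re

# Constructed sample: a requirements file in the shape described above. Only
# "filecachetools" comes from the advisory; the other entries are illustrative.
SAMPLE_REQUIREMENTS = """\
# audit tool dependencies (constructed sample)
requests>=2.28
PyYAML==6.0 ; python_version >= "3.8"
filecachetools
Flask[async]~=2.3  # inline comment
-r extra.txt
git+https://example.invalid/repo.git#egg=internal_lib
"""

# Constructed stand-in for an index lookup: normalized names that are registered.
# In real use, replace it with a query against the index you install from.
REGISTERED = {"requests", "pyyaml", "flask"}

NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503 normalization: lowercase, runs of -, _ and . become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def requirement_names(text):
    """Yield (line_no, normalized_name) for requirements resolved by name."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop comments
        if not line or line.startswith("-"):  # blank line or pip option (-r, -e, ...)
            continue
        if "://" in line:  # direct URL or VCS reference, not looked up by name
            continue
        match = NAME_RE.match(line)
        if match:
            yield line_no, normalize(match.group(1))


def unclaimed(text, is_registered):
    """Return (line_no, name) for requirements nobody has registered."""
    return [(n, name) for n, name in requirement_names(text) if not is_registered(name)]


if __name__ == "__main__":
    for line_no, name in unclaimed(SAMPLE_REQUIREMENTS, REGISTERED.__contains__):
        print(f"line {line_no}: '{name}' is not registered on the index")
```

Run in CI before any install step, a non-empty result should fail the build until the name is either removed or pinned to a trusted source.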

CVE-2024-XXXX: New Vulnerability on Brave iOS (Pending)
Published: Pending
A new vulnerability has been identified in Brave Browser for iOS. Details are currently under investigation, and the CVE ID has not yet been assigned. This vulnerability has not been publicly disclosed but could potentially affect the security of Brave Browser on iOS devices.
Impact:
- Details pending
View on NVD