Toolbox
Monthly
In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The Themedy Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themedy_col, themedy_social_link, themedy_alertbox, and themedy_pullleft shortcodes in all. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The Themedy Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themedy_col, themedy_social_link, themedy_alertbox, and themedy_pullleft shortcodes in all. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.