Skip to main content

Toolbox

12 CVEs product

Monthly

CVE-2025-43014 MEDIUM This Month

In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Toolbox
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-43013 MEDIUM This Month

In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Toolbox
NVD
CVSS 3.1
6.9
EPSS
0.0%
CVE-2025-43012 HIGH This Week

In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Toolbox
NVD
CVSS 3.1
8.3
EPSS
0.0%
CVE-2025-42921 MEDIUM This Month

In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Toolbox
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2024-9177 MEDIUM PATCH This Month

The Themedy Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themedy_col, themedy_social_link, themedy_alertbox, and themedy_pullleft shortcodes in all. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Toolbox
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-24943 MEDIUM This Month

In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Toolbox
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-25207 CRITICAL Act Now

JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Toolbox
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2020-25013 HIGH This Week

JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Toolbox
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-15827 HIGH This Week

In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Toolbox
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-18368 HIGH This Week

In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Toolbox
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2019-14959 MEDIUM This Month

JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Toolbox
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2019-12280 HIGH This Week

PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Toolbox Supportassist For Business Pcs Supportassist For Home Pcs
NVD
CVSS 3.0
7.8
EPSS
2.1%
EPSS 0% CVSS 6.1
MEDIUM This Month

In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Toolbox
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Toolbox
NVD
EPSS 0% CVSS 8.3
HIGH This Week

In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Toolbox
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Toolbox
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The Themedy Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themedy_col, themedy_social_link, themedy_alertbox, and themedy_pullleft shortcodes in all. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Toolbox
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Toolbox
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Toolbox
NVD
EPSS 1% CVSS 7.5
HIGH This Week

JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Toolbox
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Toolbox
NVD
EPSS 1% CVSS 7.3
HIGH This Week

In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Toolbox
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Toolbox
NVD
EPSS 2% CVSS 7.8
HIGH This Week

PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Toolbox Supportassist For Business Pcs +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy