Toolbox Security Vulnerabilities
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "aThemes: Portfolio" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4CVSS
6AI Score
0.0004EPSS
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above,....
6.4CVSS
6.1AI Score
0.001EPSS
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
6.1AI Score
0.0004EPSS
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4CVSS
6.1AI Score
0.0004EPSS
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied link. This makes it possible for authenticated.....
6.4CVSS
5.9AI Score
0.0004EPSS
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG...
5.5CVSS
7.3AI Score
0.0004EPSS
Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress.....
9.8CVSS
7.6AI Score
0.136EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wipeout Media CSS & JavaScript Toolbox allows Stored XSS.This issue affects CSS & JavaScript Toolbox: from n/a through...
5.4CVSS
7.1AI Score
0.0004EPSS
A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). The affected application's database service is executed as NT AUTHORITY\SYSTEM. This could allow a local attacker to execute operating system commands with elevated...
7.8CVSS
7.6AI Score
0.0004EPSS
A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). Affected applications do not properly set permissions for product folders. This could allow an authenticated attacker with low privileges to replace DLLs and conduct a privilege...
7.8CVSS
7.3AI Score
0.0004EPSS
7.8CVSS
7.6AI Score
0.0004EPSS
A vulnerability has been identified in SICAM TOOLBOX II (All versions). Affected applications use a circumventable access control within a database service. This could allow an attacker to access the...
6.5CVSS
6.3AI Score
0.001EPSS
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are....
9.1CVSS
9.3AI Score
0.016EPSS
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions,...
9.1CVSS
9.3AI Score
0.016EPSS
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol...
7.5CVSS
7.2AI Score
0.001EPSS
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol...
9.8CVSS
7.9AI Score
0.024EPSS
In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe...
7.5CVSS
6.8AI Score
0.001EPSS
7.3CVSS
7.2AI Score
0.001EPSS
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http...
5.9CVSS
6.8AI Score
0.002EPSS
7.8CVSS
7.6AI Score
0.002EPSS
Improper directory permissions in Intel Solid State Drive Toolbox before 3.5.7 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7AI Score
0.0004EPSS
There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary...
6.7CVSS
8.1AI Score
0.0004EPSS
PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1.0 beta 5 allows remote attackers to execute arbitrary PHP code via a URL in the skin_file...
8.3AI Score
0.027EPSS