The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "aThemes: Portfolio" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4CVSS
5.7AI Score
0.0004EPSS
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above,....
6.4CVSS
7.6AI Score
0.001EPSS
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
7.6AI Score
0.0004EPSS
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4CVSS
7.6AI Score
0.0004EPSS
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied link. This makes it possible for authenticated.....
6.4CVSS
6AI Score
0.0004EPSS
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG...
5.5CVSS
5.5AI Score
0.0004EPSS
Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress.....
9.8CVSS
9.4AI Score
0.136EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wipeout Media CSS & JavaScript Toolbox allows Stored XSS.This issue affects CSS & JavaScript Toolbox: from n/a through...
6.5CVSS
5.8AI Score
0.0004EPSS
A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). The affected application's database service is executed as NT AUTHORITY\SYSTEM. This could allow a local attacker to execute operating system commands with elevated...
7.8CVSS
7.5AI Score
0.0004EPSS
A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). Affected applications do not properly set permissions for product folders. This could allow an authenticated attacker with low privileges to replace DLLs and conduct a privilege...
7.8CVSS
7.3AI Score
0.0004EPSS
Improper access control in the Intel(R) Solid State Drive Toolbox(TM) before version 3.4.5 may allow a privileged user to potentially enable escalation of privilege via local...
7.7CVSS
6.6AI Score
0.0004EPSS
7.8CVSS
7.6AI Score
0.0004EPSS
A vulnerability has been identified in SICAM TOOLBOX II (All versions). Affected applications use a circumventable access control within a database service. This could allow an attacker to access the...
6.5CVSS
6.3AI Score
0.001EPSS
Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing...
5.4CVSS
5.2AI Score
0.001EPSS
A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an...
8.8CVSS
8.8AI Score
0.001EPSS
Incorrect default permissions in installer for the Intel(R) SSD Toolbox versions before 2/9/2021 may allow a privileged user to potentially enable escalation of privilege via local...
6.7CVSS
6.6AI Score
0.0004EPSS
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are.....
9.8CVSS
9.4AI Score
0.008EPSS
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are....
9.1CVSS
9.2AI Score
0.016EPSS
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions,...
9.1CVSS
9.2AI Score
0.016EPSS
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol...
7.5CVSS
7.4AI Score
0.001EPSS
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol...
9.8CVSS
9.5AI Score
0.024EPSS
In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe...
7.5CVSS
7.5AI Score
0.001EPSS
7.3CVSS
7.4AI Score
0.001EPSS
Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private...
4.7CVSS
4.6AI Score
0.0004EPSS
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http...
5.9CVSS
5.7AI Score
0.002EPSS
7.8CVSS
7.5AI Score
0.003EPSS
A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 through 2.2.26 legacy versions of the NCBI...
9.8CVSS
9.6AI Score
0.003EPSS
An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox via a crafted -z1...
6.1CVSS
5.9AI Score
0.001EPSS
A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query...
9.1CVSS
9.1AI Score
0.004EPSS
Improper directory permissions in Intel Solid State Drive Toolbox before 3.5.7 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.7AI Score
0.0004EPSS
Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol...
9.8CVSS
9.6AI Score
0.036EPSS
Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol...
9.8CVSS
10AI Score
0.04EPSS
There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary...
6.7CVSS
6.9AI Score
0.0004EPSS
The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local users to gain privileges via unspecified...
7.8CVSS
7.5AI Score
0.0004EPSS
PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1.0 beta 5 allows remote attackers to execute arbitrary PHP code via a URL in the skin_file...
7.6AI Score
0.027EPSS
Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port...
6.7AI Score
0.028EPSS
Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows remote attackers to execute arbitrary code via unknown...
7.8AI Score
0.032EPSS