
jetbrains toolbox

14 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-43014
< 2.6
In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation
6.1 MEDIUM
CVE-2025-43013
< 2.6
In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible
6.9 MEDIUM
CVE-2025-43012
< 2.6
In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible
8.3 HIGH
CVE-2025-42921
< 2.6
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin
4.2 MEDIUM
CVE-2024-9177
< 1.0.16
The Themedy Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themedy_col, themedy_social
6.4 MEDIUM
CVE-2024-24943
< 2.2
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image
5.3 MEDIUM
CVE-2022-48481
< 1.28
In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible
5.2 MEDIUM
CVE-2020-25207
< 1.18
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.
9.8 CRITICAL
CVE-2020-25013
< 1.18
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.
7.5 HIGH
CVE-2020-15827
>= 1.17 and < 1.17.6856
In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file.
7.5 HIGH
CVE-2019-18368
< 1.15.5666
In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible.
7.3 HIGH
CVE-2019-14959
< 1.15.5605
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection.
5.9 MEDIUM
CVE-2019-12280
< 7.3
PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.
7.8 HIGH
CVE-2007-6139
all versions
PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1.0 beta 5 allows remote attackers to execute arbitrary PHP co
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin