Vulnerabilities in tooljet
11 resultsCVE-2022-23067HIGHToolJet - Token Leakage via Referer HeaderEPSS 1.2%CVE-2022-2037CRITICALExcessive Attack Surface in tooljet/tooljetEPSS 1.1%CVE-2022-2631CRITICALImproper Access Control in tooljet/tooljetEPSS 0.9%CVE-2022-3348MEDIUMExposure of Sensitive Information to an Unauthorized Actor in tooljet/tooljetEPSS 0.8%CVE-2022-3422CRITICALImproper Privilege Management in tooljet/tooljetEPSS 0.8%CVE-2022-4111MEDIUMImproper Validation of Specified Quantity in Input in tooljet/tooljetEPSS 0.8%CVE-2022-3019HIGHImproper Access Control in tooljet/tooljetEPSS 0.7%CVE-2022-23068MEDIUMToolJet - HTML Injection in Invite New UserEPSS 0.6%CVE-2026-55413CRITICALToolJet - Marketplace Plugin Poisoning Enables Instance-Wide Remote Code ExecutionEPSS 0.3%CVE-2026-55412HIGHToolJet Cloud - SSRF to Azure Cloud Infrastructure CompromiseEPSS 0.2%CVE-2026-55411MEDIUMToolJet: Cross-tenant credential decryption (IDOR) in POST /api/data-sources/decrypt — any authenticated user can decrypt any organization's data-source secretsEPSS 0.1%