Vulnerabilities > Tooljet > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-26 | CVE-2022-27978 | Improper Handling of Exceptional Conditions vulnerability in Tooljet 1.6 Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request. | 7.5 |
| 2022-10-07 | CVE-2022-3422 | Unspecified vulnerability in Tooljet Account Takeover :: when see the info i can see the hash pass i can creaked it ............... | 7.5 |
| 2022-08-29 | CVE-2022-3019 | Authorization Bypass Through User-Controlled Key vulnerability in Tooljet The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one). | 8.8 |
| 2022-08-02 | CVE-2022-2631 | Unspecified vulnerability in Tooljet Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0. | 8.8 |
| 2022-06-09 | CVE-2022-2037 | Unspecified vulnerability in Tooljet Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0. | 8.0 |