Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 16.534 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 179 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Displaying 1 - 25 results out of 16.534

Pentest-Tools.com Vulnerabilities
Name	Detectable with	Detection added	Severity	Exploitable with Sniper
WP Directory Kit <= 1.4.3 - Unauthenticated SQL Injection CVE-2025-13138	Network Scanner	Feb 6, 2026	High(7.5)	No
MOVEit Transfer - SQL Injection CVE-2023-35708	Network Scanner	Feb 5, 2026	Critical(9.1)	No
vCenter Server - Improper Access Control CVE-2021-22017	Network Scanner	Feb 5, 2026	Medium(5.3)	No
ProfileGrid <= 5.7.8 - SQL Injection CVE-2024-30490	Network Scanner	Feb 5, 2026	Critical(9.3)	No
Melis Technology Melis Platform - Unrestricted File Upload & Remote Code Execution CVE-2025-10353	Network Scanner	Feb 5, 2026	Critical(9.8)	No
VMWare Cloud Foundation NSX-V - XML External Entity (XXE) CVE-2022-31678	Network Scanner	Feb 4, 2026	Critical(9.1)	No
WhatsUp Gold GetStatisticalMonitorList SQL Injection - Authentication Bypass CVE-2024-6671	Network Scanner	Feb 4, 2026	Critical(9.8)	No
Laravel Livewire v3 - Remote Command Execution CVE-2025-54068	Network Scanner	Feb 4, 2026	Critical(9.8)	No
WP Extended < 3.0.0 - Stored Cross-Site Scripting CVE-2024-37259	Network Scanner	Feb 4, 2026	Medium(6.1)	No
OpenCode < 1.0.216 - Unauthenticated Remote Code Execution CVE-2026-22812	Network Scanner	Feb 4, 2026	High(8.8)	No
LatePoint <= 5.0.11 - SQL Injection CVE-2024-8911	Network Scanner	Feb 4, 2026	Critical(9.8)	No
RustDesk Web Client - Default login	Network Scanner	Feb 4, 2026	N/A	No
Redis < 8.2.3 - Stack Buffer Overflow CVE-2025-62507	Network Scanner	Feb 3, 2026	High(8.8)	No
XWiki Platform Distribution Flavor Main - Cross-Site Scripting CVE-2026-24128	Network Scanner	Feb 3, 2026	Medium(6.1)	No
WordPress H5VP Plugin - Full Path Disclosure	Network Scanner	Feb 3, 2026	N/A	No
WhoDB < 0.45.0 - Path Traversal CVE-2025-24786	Network Scanner	Feb 3, 2026	High(7.5)	No
Telnet inetutils - Authentication Bypass CVE-2026-24061	Network Scanner	Feb 3, 2026	Critical(9.8)	Yes
Contest Gallery - Broken Access Control CVE-2024-43283	Network Scanner	Jan 30, 2026	Medium(5.3)	No
GUDE - Default Login	Network Scanner	Jan 30, 2026	N/A	No
CraftCMS Debug Methods Exposed	Network Scanner	Jan 29, 2026	N/A	No
Citrix StoreFront Server - XML External Entity CVE-2019-13608	Network Scanner	Jan 29, 2026	High(7.5)	No
Zoho ManageEngine ADSelfService Plus 6121 - Username Enumeration CVE-2022-28987	Network Scanner	Jan 29, 2026	Medium(5.3)	No
FreshRSS Fever API - Exposure	Network Scanner	Jan 29, 2026	N/A	No
n8n >= 0.123.0 and < 1.121.3 - Remote Code Execution CVE-2026-21877	Network Scanner	Jan 29, 2026	Critical(9.9)	No
WordPress LazyLoad Plugin - Full Path Disclosure	Network Scanner	Jan 29, 2026	N/A	No