Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 17.120 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 190 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Displaying 1 - 25 results out of 17.120

Pentest-Tools.com Vulnerabilities
Name	Detectable with	Detection added	Severity	Exploitable with Sniper
Gogs < 0.14.3 - Unauthenticated Organization Teams Disclosure CVE-2026-52815	Network Scanner	Jun 24, 2026	Medium(4.3)	No
FOSSBilling - Server-Side Template Injection CVE-2026-28496	Network Scanner	Jun 24, 2026	Critical	No
Xerte Online Toolkits <= 3.15 - Remote Code Execution CVE-2026-34413	Network Scanner	Jun 24, 2026	Critical(9.8)	No
Open SOCKS4/SOCKS5 proxy	Network Scanner	Jun 24, 2026	Medium	No
Magento 2 Amasty Order Attributes < 4.0.0 - Unauthenticated Arbitrary File Upload CVE-2026-53787	Network Scanner	Jun 23, 2026	Critical(9.8)	No
UniFi Network Application - Path Traversal CVE-2026-22557	Network Scanner	Jun 22, 2026	Critical(10)	No
LobeHub LobeChat <= 2.1.56 - Server-Side Request Forgery CVE-2026-54157	Network Scanner	Jun 22, 2026	Medium(9)	No
Dashy <= 4.3.6 - Reflected XSS via Workspace CVE-2026-55592	Network Scanner	Jun 22, 2026	Medium(6.1)	No
Samba Printing Subsystem - Remote Code Execution CVE-2026-4480	Network Scanner	Jun 22, 2026	Critical(9.8)	No
Dify < 1.13.0 - Unauthenticated SSRF via Remote File Upload	Network Scanner	Jun 20, 2026	High	No
Oracle PeopleSoft PeopleTools PSEMHUB - Pre-Auth Java Deserialization RCE CVE-2026-35273	Network Scanner	Jun 19, 2026	Critical(9.8)	No
FUXA 1.3.0 - Unauthenticated ICS/SCADA Project Data Disclosure CVE-2026-47717	Network Scanner	Jun 19, 2026	High(7.5)	No
mcp-atlassian < 0.17.0 - Server-Side Request Forgery CVE-2026-27826	Network Scanner	Jun 18, 2026	High(8.2)	No
OpenCATS - Command Injection CVE-2026-27760	Network Scanner	Jun 18, 2026	High(8.1)	No
Check Point IKEv1 Remote-Access VPN - Certificate Authentication Bypass CVE-2026-50751	Network Scanner	Jun 17, 2026	Critical(10)	No
OpenBullet2 <= 0.3.2 - Authentication Bypass CVE-2026-25555	Network Scanner	Jun 17, 2026	Critical(9.8)	No
Campaign Monitor for WordPress - Information Disclosure CVE-2024-6569	Network Scanner	Jun 17, 2026	Medium(5.3)	No
DokuWiki <= 2025-05-14a Librarian - Reflected Cross-Site Scripting CVE-2025-61224	Network Scanner	Jun 17, 2026	Medium(6.1)	No
SiYuan Note <= 3.6.5 - Authentication Bypass CVE-2026-54069	Network Scanner	Jun 17, 2026	Critical(9.1)	No
UpdraftPlus WP Backup & Migration Plugin - Authentication Bypass CVE-2026-10795	Network Scanner	Jun 16, 2026	High(8.1)	No
Splunk Enterprise & Cloud Platform - Unrestricted File Upload CVE-2026-20253	Network Scanner	Jun 15, 2026	Critical(9.8)	No
Piwigo < 16.3.0 - Unauthenticated Information Disclosure via History API CVE-2026-27833	Network Scanner	Jun 15, 2026	High(7.5)	No
DbGate - Remote Code Execution via Dynamic Import Bypass CVE-2026-47670	Network Scanner	Jun 15, 2026	Critical(9.4)	No
Lyrion Music Server <= 9.2.0 - Cross-Site Scripting CVE-2026-50230	Network Scanner	Jun 15, 2026	Medium(6.1)	No
W3 Total Cache < 2.8.2 - Log File Exposure CVE-2024-12008	Network Scanner	Jun 14, 2026	Medium(5.3)	No