Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 17.107 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 190 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Displaying 1 - 25 results out of 17.107

Pentest-Tools.com Vulnerabilities
Name	Detectable with	Detection added	Severity	Exploitable with Sniper
OpenBullet2 <= 0.3.2 - Authentication Bypass CVE-2026-25555	Network Scanner	Jun 17, 2026	Critical(9.8)	No
Campaign Monitor for WordPress - Information Disclosure CVE-2024-6569	Network Scanner	Jun 17, 2026	Medium(5.3)	No
SiYuan Note <= 3.6.5 - Authentication Bypass CVE-2026-54069	Network Scanner	Jun 17, 2026	Critical(9.1)	No
Check Point IKEv1 Remote-Access VPN - Certificate Authentication Bypass CVE-2026-50751	Network Scanner	Jun 17, 2026	Critical(10)	No
DokuWiki <= 2025-05-14a Librarian - Reflected Cross-Site Scripting CVE-2025-61224	Network Scanner	Jun 17, 2026	Medium(6.1)	No
UpdraftPlus WP Backup & Migration Plugin - Authentication Bypass CVE-2026-10795	Network Scanner	Jun 16, 2026	High(8.1)	No
Splunk Enterprise & Cloud Platform - Unrestricted File Upload CVE-2026-20253	Network Scanner	Jun 15, 2026	Critical(9.8)	No
Piwigo < 16.3.0 - Unauthenticated Information Disclosure via History API CVE-2026-27833	Network Scanner	Jun 15, 2026	High(7.5)	No
DbGate - Remote Code Execution via Dynamic Import Bypass CVE-2026-47670	Network Scanner	Jun 15, 2026	Critical(9.4)	No
Lyrion Music Server <= 9.2.0 - Cross-Site Scripting CVE-2026-50230	Network Scanner	Jun 15, 2026	Medium(6.1)	No
W3 Total Cache < 2.8.2 - Log File Exposure CVE-2024-12008	Network Scanner	Jun 14, 2026	Medium(5.3)	No
Joomla! JCE extension < 2.9.99.5 unauthenticated RCE CVE-2026-48907	Network Scanner	Jun 14, 2026	Critical(10)	No
Dgraph <= 25.3.2 - Admin Token Disclosure CVE-2026-41492	Network Scanner	Jun 11, 2026	Critical(9.8)	No
SiYuan <= v3.6.1 - Path Traversal CVE-2026-33476	Network Scanner	Jun 11, 2026	High(7.5)	No
Everest Forms Pro <= 1.9.12 - Unauthenticated RCE via Calculation Formula Injection CVE-2026-3300	Network Scanner	Jun 11, 2026	Critical(9.8)	No
WordPress Product Slider Pro for WooCommerce < 3.5.4 - Supply Chain Backdoor RCE CVE-2026-49777	Network Scanner	Jun 11, 2026	Critical(10)	No
phpMyFAQ <= 4.1.1 - SQL Injection CVE-2026-46364	Network Scanner	Jun 11, 2026	Critical(9.8)	No
WordPress MapPress Maps <= 2.96.6 - Unauthenticated IDOR CVE-2026-8839	Network Scanner	Jun 11, 2026	Medium(5.3)	No
MuleSoft DataWeave Interactive Learning Environment - Unauthenticated Access	Network Scanner	Jun 11, 2026	High	No
Budibase - Admin Installer	Network Scanner	Jun 11, 2026	High	No
PraisonAI - Authentication Bypass CVE-2026-44338	Network Scanner	Jun 11, 2026	High(7.3)	No
WP User Manager – User Profile Builder & Membership - Local File Inclusion CVE-2026-9290	Network Scanner	Jun 11, 2026	High(7.5)	No
Hippoo Mobile App for WooCommerce <= 1.9.4 - Authentication Bypass to Admin Account Takeover CVE-2026-10580	Network Scanner	Jun 11, 2026	Critical(9.8)	No
PraisonAI AgentOS - Information Disclosure CVE-2026-40151	Network Scanner	Jun 11, 2026	Medium(5.3)	No
WordPress Newsletters <= 4.13 - Unauthenticated SQL Injection CVE-2026-3018	Network Scanner	Jun 11, 2026	High(7.5)	No