Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 16.073 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 177 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Displaying 1 - 25 results out of 16.073

Pentest-Tools.com Vulnerabilities
Name	Detectable with	Detection added	Severity	Exploitable with Sniper
QNAP Music Station < 5.4.0 - Authentication Bypass CVE-2023-45038	Network Scanner	Dec 9, 2025	Medium(4.3)	No
Oracle WebLogic Server - Remote Code Execution CVE-2021-2135	Network Scanner	Dec 9, 2025	Critical(9.8)	No
SAP Solution Manager - Open Redirect CVE-2020-26836	Network Scanner	Dec 9, 2025	Medium(6.1)	No
WordPress Custom 404 Pro <= 3.11.1 - Reflected XSS CVE-2024-39646	Network Scanner	Dec 9, 2025	High(7.1)	No
React Server Components - Remote Code Execution CVE-2025-55182	Network Scanner	Dec 9, 2025	Critical(10)	Yes
IBM BigFix Platform - Information Disclosure CVE-2019-4061	Network Scanner	Dec 9, 2025	Medium(5.3)	No
Bitrix Site Manager - Log File Disclosure	Network Scanner	Dec 9, 2025	Medium	No
LiteSpeed Cache <= 6.5.0.2 - Stored XSS CVE-2024-47374	Network Scanner	Dec 9, 2025	High(7.1)	No
Beautiful Cookie Consent Banner < 2.10.2 - Cross-Site Scripting CVE-2023-3388	Network Scanner	Dec 9, 2025	High(7.2)	No
Apache Kvrocks - Exposed	Network Scanner	Dec 9, 2025	High	No
WordPress BuddyPress < 2.9.2 - Authenticated Open Redirect	Network Scanner	Dec 9, 2025	Low	No
GiveWP - Missing Authorization to Settings Update CVE-2020-20627	Network Scanner	Dec 9, 2025	Medium(5.3)	No
Metabase Installer - Exposure	Network Scanner	Dec 8, 2025	High	No
X-Backend-Server Header - Exposure	Network Scanner	Dec 8, 2025	Low	No
Munin Monitoring Dashboard - Exposure	Network Scanner	Dec 6, 2025	Medium	No
ONLYOFFICE Docs (DocumentServer) - Reflected Cross-Site Scripting CVE-2025-5301	Network Scanner	Dec 6, 2025	Medium(6.1)	No
ZZZCMS ZZZPHP 1.6.3 – Remote PHP Code Execution (RCE) CVE-2019-10647	Network Scanner	Dec 6, 2025	Critical(9.8)	No
WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts CVE-2019-17671	Network Scanner	Dec 5, 2025	Medium(5.3)	No
React Server Components - Remote Code Execution CVE-2025-55182	Network Scanner	Dec 5, 2025	Critical(10)	No
Microsoft SharePoint - List API Disclosure	Network Scanner	Dec 4, 2025	Low	No
Post Grid <= 2.2.50 - Information Exposure via REST API CVE-2023-40211	Network Scanner	Dec 4, 2025	High(7.5)	No
WP Google Maps < 9.0.48 - Cross-Site Scripting CVE-2025-11307	Network Scanner	Dec 4, 2025	High(8.8)	No
HT Mega – Absolute Addons for Elementor <= 2.2.0 - Missing Authorization to Privilege Escalation CVE-2023-37999	Network Scanner	Dec 4, 2025	Critical(9.8)	No
elFinder < 2.1.58 - Remote Code Execution CVE-2021-23394	Network Scanner	Dec 3, 2025	High(8.1)	No
freeFTPD < 1.0.12 PASS Command Buffer Overflow Vulnerability CVE-2013-10042	Network Scanner	Dec 3, 2025	Critical(9.8)	No