Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 15.043 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 161 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Displaying 1 - 25 results out of 15.043

Pentest-Tools.com Vulnerabilities
Name
Detectable with
Detection added
Severity
Exploitable
with Sniper
Langflow AI - Unauthenticated Remote Code ExecutionNetwork Scanner

Critical(9.8)

No
Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege EscalationNetwork Scanner

High(8.8)

No
Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-tls-match-cn` AnnotationNetwork Scanner

High(8.8)

No
Sante PACS Server.exe - Path Traversal Information DisclosureNetwork Scanner

High(7.5)

No
MinIO - Incomplete Signature Validation for Unsigned-Trailer UploadsNetwork Scanner

High

No
Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror AnnotationsNetwork Scanner

High(8.8)

No
LDAP Anonymous LoginNetwork Scanner

Medium

No
cPanel Configuration - File DisclosureNetwork Scanner

Medium

No
UNA CMS 14.0.0-RC - PHP Object InjectionNetwork Scanner

Critical

No
DSL-124 Wireless N300 ADSL2+ - Backup File DisclosureNetwork Scanner

High

No
GeoVision GV-SNVR0811 - Directory TraversalNetwork Scanner

High

No
Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` AnnotationNetwork Scanner

High(8.8)

No
Vite Development Server - Path TraversalNetwork Scanner

Medium(5.3)

No
WordPress Download Manager - File Password ExposureNetwork Scanner

Medium(5.3)

No
Delmia Apriso - Pre-Authentication Unsafe .NET Object DeserializationNetwork Scanner

Critical(9)

No
Cybersecurity Infrastructure Security Agency (CISA)Fortinet Authentication BypassNetwork Scanner

Critical(9.8)

No
WordPress Download Manager < 3.2.44 - Authenticated Cross-Site ScriptingNetwork Scanner

Medium(6.1)

No
User Registration & Membership <= 4.1.1 - Unauthenticated Privilege EscalationNetwork Scanner

Critical(9.8)

No
Vipshop Saturn Console <= 3.5.1 - SQL Injection via ClusterKey ComponentNetwork Scanner

Critical(9.8)

No
Response Header InjectionWebsite Scanner

High

No
FastCGI Configuration - File DisclosureNetwork Scanner

Medium

No
WordPress Download Manager < 3.3.07 - Unauthenticated Data ExposureNetwork Scanner

Medium(5.3)

No
System Dashboard < 2.8.10 - Cross-Site ScriptingNetwork Scanner

Medium(5.4)

No
Shield Security Plugin < 20.0.6 - Cross-Site ScriptingNetwork Scanner

Medium(6.1)

No
Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info FileNetwork Scanner

Medium(5.3)

No