HomePentest-Tools.com Logo

Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities that can be detected with Pentest-Tools.com and the exploits that are currently available in the platform.

We detect more than 15,000 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 114 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Pentest-Tools.com Vulnerabilities
VMware Aria Operations for Networks - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Citrix ADC Gateway - Authentication BypassNetwork Scanner

Critical

9.8No
Cloudpanel - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Citrix ADC Gateway - Remote Code ExecutionNetwork Scanner

Critical

9.8No
Adobe ColdFusion - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
WAGO - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
OpenTSDB - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Metabase - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Citrix ADC Gateway - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Chamilo - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Ivanti Endpoint Manager Mobile (EPMM) - Unauthenticated API AccessNetwork Scanner

Critical

10Yes
Apache RocketMQ - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Nuxt Framework - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)TerraMaster RCENetwork Scanner

High

7.5Yes
Gitlab - Arbitrary File ReadNetwork Scanner

High

7.5Yes
Cybersecurity Infrastructure Security Agency (CISA)Moveit Transfer - SQLiNetwork Scanner

Critical

9.8No
Cybersecurity Infrastructure Security Agency (CISA)PaperCut - Unauthenticated Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Oracle E-Business Suite - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Sophos Web Appliance - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
vBulletin - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Microsoft MSMQ - Remote Code ExecutionNetwork Scanner

Critical

9.8No
Cybersecurity Infrastructure Security Agency (CISA)Oracle WebLogic - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Liferay Portal - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Oracle WebLogic - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Minio - Information DisclosureNetwork Scanner

High

7.5Yes
Cybersecurity Infrastructure Security Agency (CISA)Zimbra - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Oracle WebLogic - Remote Code ExecutionNetwork Scanner

High

7.5Yes
Cybersecurity Infrastructure Security Agency (CISA)Jira - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Joomla - Improper Access ExecutionNetwork Scanner

Medium

5.3Yes
Apache Commons - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Fortinet FortiNAC - Remote Code ExecutionNetwork Scanner

Critical

9.8No
Cybersecurity Infrastructure Security Agency (CISA)Cacti - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)GoAnywhere MFT - Remote Code ExecutionNetwork Scanner

High

7.2Yes
Cybersecurity Infrastructure Security Agency (CISA)CentOS Web Panel - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)ManageEngine - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
GLPI - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Webmin - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cisco Small Business RV Series - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Cisco Small Business RV Series - Information DisclosureNetwork Scanner

High

7.5Yes
Cybersecurity Infrastructure Security Agency (CISA)Apache APISIX - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
pfSense pfBlocker-NG - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Node.js - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
WordPress - Server Side Request ForgeryNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)FortiOS, FortiProxy and FortiSwitchManager - Authentication BypassNetwork Scanner

Critical

9.6Yes
Cybersecurity Infrastructure Security Agency (CISA)Microsoft Exchange - Remote Code Execution (ProxyNotShell - CVE-2022-41040, CVE-2022-41082)Network Scanner

High

8.8No
Cybersecurity Infrastructure Security Agency (CISA)Bitbucket Server & Data Center - Remote Code ExecutionNetwork Scanner

High

8.8Yes
Cybersecurity Infrastructure Security Agency (CISA)ManageEngine Password Manager Pro & PAM360 - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Jenkins - Remote Code Execution (CVE-2018-1000861, CVE-2019-1003005, CVE-2019-1003029)Network Scanner

Critical

9.9Yes
Gitlab CE/EE - Remote Code ExecutionNetwork Scanner

Critical

9.9No
Django - SQL InjectionNetwork Scanner

Critical

9.8No
Apache - Memory CorruptionNetwork Scanner

High

7.5No
Jira - Arbitrary File ReadNetwork Scanner

Medium

5.3Yes
Cybersecurity Infrastructure Security Agency (CISA)Zimbra ZCS - Remote Code Execution (CVE-2022-27925,CVE-2022-37042)Network Scanner

Critical

9.8Yes
Jira - Arbitrary File ReadNetwork Scanner

Medium

5.3Yes
VMware Workspace One - Arbitrary File ReadNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)BlueKeep - Remote Code ExecutionNetwork Scanner

Critical

9.8No
Jira - Arbitrary File ReadNetwork Scanner

High

7.5Yes
Jira - Information DisclosureNetwork Scanner

Medium

5.3Yes
Cybersecurity Infrastructure Security Agency (CISA)Atlassian Confluence - Arbitrary File ReadNetwork Scanner

Medium

5.3Yes
Cybersecurity Infrastructure Security Agency (CISA)Drupal - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Kibana - Remote Code ExecutionNetwork Scanner

Critical

10Yes
Cybersecurity Infrastructure Security Agency (CISA)Microsoft SharePoint - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Spring - Remote Code ExecutionNetwork Scanner

Critical

9.8No
Cybersecurity Infrastructure Security Agency (CISA)Atlassian Crowd - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Atlassian Confluence - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Pulse Secure - Local File InclusionNetwork Scanner

Critical

10Yes
Cybersecurity Infrastructure Security Agency (CISA)Drupal Core - Remote Code ExecutionNetwork Scanner

High

8.1Yes
Cybersecurity Infrastructure Security Agency (CISA)F5 BIG-IP - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Atlassian Confluence - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)ZyXEL Firewall - Unauthenticated Remote Command InjectionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Gitlab CE/EE - Remote Code ExecutionNetwork Scanner

Critical

10Yes
Cybersecurity Infrastructure Security Agency (CISA)Zabbix - Authentication Bypass and Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)DotCMS - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Jira - Authentication BypassNetwork Scanner

Critical

9.8No
Cybersecurity Infrastructure Security Agency (CISA)F5 BIG-IP - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)F5 BIG-IP - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Spring Core - Remote Code Execution (Spring4Shell - CVE-2022-22965)Network Scanner

Critical

9.8Yes
Grafana - Arbitrary File ReadNetwork Scanner

High

7.5Yes
Oracle WebLogic - Local File InclusionNetwork Scanner

High

7.5No
Cybersecurity Infrastructure Security Agency (CISA)Apache Struts - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)VMware Workspace One - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)ManageEngine - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Redis - Remote Code ExecutionNetwork Scanner

Critical

10Yes
Cybersecurity Infrastructure Security Agency (CISA)Magento - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)WSO2 - Unrestricted File Upload and Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Apache Struts - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Adobe Coldfusion - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Microsoft Exchange - Remote Code Execution (ProxyLogon - CVE-2021-26855, CVE-2021-27065)Network Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Microsoft Exchange - ProxyLogon Backdoor Webshells (CVE-2021-26855, CVE-2021-27065)Network Scanner

Critical

9.8No
Cybersecurity Infrastructure Security Agency (CISA)Spring Cloud Function - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Spring Cloud Gateway - Remote Code ExecutionNetwork Scanner

Critical

10Yes
Cybersecurity Infrastructure Security Agency (CISA)VMware vCenter - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)ManageEngine Desktop Central - Authentication Bypass and Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Microsoft EternalBlue - Remote Code Execution (MS17-010 - CVE-2017-0144)Network Scanner

High

8.1Yes
Cybersecurity Infrastructure Security Agency (CISA)Apache Tomcat - Remote Code Execution (Log4Shell - CVE-2021-44228)Network Scanner

Critical

10Yes
Cybersecurity Infrastructure Security Agency (CISA)Log4j - Remote Code Execution (Log4Shell - CVE-2021-44228)Network Scanner

Critical

10Yes
Log4j - Remote Code Execution (Log4Shell - CVE-2021-45046)Network Scanner

Critical

9No
Apache Struts - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Apache Solr - Remote Code Execution (Log4Shell - CVE-2021-44228)Network Scanner

Critical

10No
Cybersecurity Infrastructure Security Agency (CISA)MobileIron - Remote Code Execution (Log4Shell - CVE-2021-44228)Network Scanner

Critical

10No
Cybersecurity Infrastructure Security Agency (CISA)Apache Flink - Remote Code Execution (Log4Shell - CVE-2021-44228)Network Scanner

Critical

10No
Cybersecurity Infrastructure Security Agency (CISA)Apache Struts - Remote Code Execution (Log4Shell - CVE-2021-44228)Network Scanner

Critical

10Yes
Cybersecurity Infrastructure Security Agency (CISA)VMware vCenter - Remote Code Execution (Log4Shell - CVE-2021-44228)Network Scanner

Critical

10No
Cybersecurity Infrastructure Security Agency (CISA)Apache Druid - Remote Code Execution (Log4Shell - CVE-2021-44228)Network Scanner

Critical

10No
Cybersecurity Infrastructure Security Agency (CISA)ManageEngine ADSelfService Plus - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Oracle Weblogic - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Apache Struts 2 - Remote Code ExecutionNetwork Scanner

High

8.1Yes
Cybersecurity Infrastructure Security Agency (CISA)Oracle Weblogic - Path TraversalNetwork Scanner

Critical

9.8No
Cybersecurity Infrastructure Security Agency (CISA)Oracle Weblogic - Remote Command ExecutionNetwork Scanner

High

7.2Yes
Log4j 1.x - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Elasticsearch - Remote Code Execution (Log4Shell - CVE-2021-44228)Network Scanner

Critical

10No
Netgear - Admin Credentials Disclosure & Remote Code Execution (CVE-2020-17409, CVE-2020-27866)Network Scanner

High

8.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Apache MOD Proxy - Server Side Request ForgeryNetwork Scanner

Critical

9No
Apache OFBiz - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Node.js Systeminformation - Command InjectionNetwork Scanner

High

7.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Sophos SG UTM - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Apache Struts - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Apache Struts 2 - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Apache Tomcat - Remote Code ExecutionNetwork Scanner

High

8.1Yes
Cybersecurity Infrastructure Security Agency (CISA)Exim - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Laravel - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Apache Tomcat Server - Local File InclusionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Citrix ADC - Directory Traversal/Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Micro Focus OBM - Authentication BypassNetwork Scanner

High

8.8No
Visual Tools DVR - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Apache Server - Remote Code Execution (Shellshock - CVE-2014-6271)Network Scanner

Critical

9.8Yes
Node-Red - Local File InclusionNetwork Scanner

High

7.5Yes
Microsoft Exchange - Reflected Cross-Site Scripting (ProxyOracle - CVE-2021-31195)Network Scanner

High

8.8No
Cybersecurity Infrastructure Security Agency (CISA)Cisco ASA VPN/FTD - Arbitrary File ReadNetwork Scanner

High

7.5Yes
Cybersecurity Infrastructure Security Agency (CISA)Apache Server - Arbitrary File ReadNetwork Scanner

High

7.5Yes
Cybersecurity Infrastructure Security Agency (CISA)Apache Server - Remote Code ExecutionNetwork Scanner

High

7.5Yes
Cybersecurity Infrastructure Security Agency (CISA)Apache Server - Arbitrary File ReadNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Apache Server - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)FortiOS SSL VPN - Arbitrary File ReadNetwork Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Azure OMI - Remote Code Execution (OMIGOD - CVE-2021-38647)Network Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)Microsoft Exchange - Remote Code Execution (ProxyShell - CVE-2021-34473, CVE-2021-34523, CVE-2021-31207)Network Scanner

Critical

9.8Yes
Cybersecurity Infrastructure Security Agency (CISA)VMware vCenter - Remote Code ExecutionNetwork Scanner

Critical

9.8Yes
Citrix ADC - Reflected Code InjectionNetwork Scanner

Medium

6.5Yes
Cybersecurity Infrastructure Security Agency (CISA)Citrix ADC - Arbitrary File Read (CVE-2020-8193, CVE-2020-8195, CVE-2020-8196)Network Scanner

Medium

6.5Yes
Microsoft Exchange - Remote Code Execution (ProxyNotFound - CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483)Network Scanner

Critical

9.8No