Skip to main content

Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 14.996 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 158 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Displaying 1 - 25 results out of 14.996

Pentest-Tools.com Vulnerabilities
Name
Detectable with
Detection added
Severity
Exploitable
with Sniper
Next.js Middleware Authorization Bypass
CVE-2025-29927
Network Scanner

Critical(9.1)

No
Drupal 7 Elfinder - Remote Code ExecutionNetwork Scanner

Critical

No
Unify HiPath Cordless IP - Default LoginNetwork Scanner

High

No
Next.js Middleware Bypass
CVE-2025-29927
Network Scanner

Critical(9.1)

No
MobSF - Path Traversal
CVE-2024-21633
Network Scanner

High(7.8)

No
baserCMS Installation - ExposureNetwork Scanner

Critical

No
Nuxtjs Config File - File DisclosureNetwork Scanner

Low

No
KodeExplorer 4.51 - Reflective Cross Site Scripting (XSS)
CVE-2023-49489
Network Scanner

Medium(6.1)

No
Vercel Config File - File DisclosureNetwork Scanner

Low

No
Gunicorn Config File - File DisclosureNetwork Scanner

Low

No
Dnsmasq Config - File DisclosureNetwork Scanner

Low

No
Icecast Config - File DisclosureNetwork Scanner

Low

No
Elastic Kibana Config - File DisclosureNetwork Scanner

Medium

No
Haproxy Config - File DisclosureNetwork Scanner

Low

No
ASUS DSL-AC88U - Authentication Bypass
CVE-2024-3080
Network Scanner

Critical(9.8)

No
Discourse Backup File Disclosure Via Default Nginx Configuration
CVE-2024-53991
Network Scanner

High(7.5)

No
TP-Link Archer C20 - Authentication Bypass
CVE-2024-57049
Network Scanner

Critical(9.8)

No
Log4j Properties - File DisclosureNetwork Scanner

Low

No
Next JS Config - File DisclosureNetwork Scanner

Low

No
Lighttpd Config File - File DisclosureNetwork Scanner

Low

No
WordPress Themify Builder < 7.5.8 - Open Redirect
CVE-2024-3032
Network Scanner

Medium(6.1)

No
WordPress Post Timeline Plugin < 2.2.6 - Cross-Site Scripting
CVE-2023-4284
Network Scanner

High(7.1)

No
WordPress Grow by Tradedoubler Plugin < 2.0.22 - Unauthenticated Local File Inclusion
CVE-2024-6460
Network Scanner

Critical(9.8)

No
Cybersecurity Infrastructure Security Agency (CISA)SugarCRM Unauthenticated - Remote Code Execution
CVE-2023-22952
Network Scanner

High(8.8)

No
WordPress Product Addons & Fields for WooCommerce < 32.0.7 - Cross-Site Scripting
CVE-2023-2256
Network Scanner

Medium(6.1)

No