Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 15.084 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 163 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Displaying 1 - 25 results out of 15.084

Pentest-Tools.com Vulnerabilities
Name
Detectable with
Detection added
Severity
Exploitable
with Sniper
vBulletin replaceAdTemplate - Remote Code ExecutionNetwork Scanner

Critical

No
Cybersecurity Infrastructure Security Agency (CISA)TP-Link Archer AX21 (AX1800) - Unauthenticated Command InjectionNetwork Scanner

Critical(9.8)

No
MagnusBilling Alarm Module - Cross-Site ScriptingNetwork Scanner

High(7.6)

No
Versa Concerto API Path Based - Authentication BypassNetwork Scanner

Critical

No
Emby Installation Page - ExposureNetwork Scanner

High

No
MagnusBilling - Default LoginNetwork Scanner

High

No
MagnusBilling Login Logs - Cross-Site ScriptingNetwork Scanner

High(8.2)

No
Usermin 2.100 - Username EnumerationNetwork Scanner

Medium(5.3)

No
Pandora FMS <=7.0NG.722 - Remote Code ExecutionNetwork Scanner

High(7.5)

No
Zoho ManageEngine OpManager - SQL InjectionNetwork Scanner

High(7.5)

No
PublishPress Capabilities < 2.3.3 - Cross-Site ScriptingNetwork Scanner

Medium

No
Jordy Meow AI Engine - Unrestricted File UploadNetwork Scanner

Critical(9.8)

No
Versa Concerto Actuator Endpoint - Authentication BypassNetwork Scanner

Critical

No
MapSVG < 6.2.20 - Unauthenticated SQLiNetwork Scanner

Critical(9.8)

No
Grafana - XSS / Open Redirect / SSRF via Client Path TraversalNetwork Scanner

High(7.6)

No
Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Remote Code ExecutionNetwork Scanner

Critical(9.8)

No
Youzify < 1.2.0 - Unauthenticated SQLiNetwork Scanner

Critical(9.8)

No
Pandora v7.0NG.777.3 - Remote Code ExecutionNetwork Scanner

Critical(9.8)

No
Roxy-WI - Remote Code ExecutionNetwork Scanner

Critical(9.8)

No
Cybersecurity Infrastructure Security Agency (CISA)DrayTek Vigor - Command InjectionNetwork Scanner

Critical(9.8)

No
Cybersecurity Infrastructure Security Agency (CISA)PRTG Network Monitor - Local File InclusionNetwork Scanner

Critical(9.8)

No
OpenMRS Platform < 2.24.0 - Insecure Object DeserializationNetwork Scanner

Critical(9.8)

No
LearnPress Plugin < 4.2.0 - Unauthenticated Time-Based Blind SQLiNetwork Scanner

Critical(9.9)

No
Roxy-WI - Remote Code ExecutionNetwork Scanner

Critical(9.8)

No
YouPHPTube Encoder - Arbitrary File WriteNetwork Scanner

Critical(9.8)

No