Skip to main content

Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities that can be detected with Pentest-Tools.com and the exploits that are currently available in the platform.

We detect more than 11.408 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 141 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Displaying 1 - 25 results out of 11.408

Pentest-Tools.com Vulnerabilities
Name
CVE
Detectable
with
Detection added
Severity
CVSSv3
score
Exploitable
with Sniper
EfroTech Timetrax v8.3 - Sql Injection
CVE-2024-39250
Network Scanner
---
---No
Dolibarr ERP CMS `list.php` - SQL Injection
CVE-2024-5315
Network Scanner

Critical

9.1No
FOG Project < 1.5.10.34 - Remote Command Execution
CVE-2024-39914
Network Scanner

Critical

9.8No
RWS WorldServer - Authentication Bypass
CVE-2022-34267
Network Scanner

Critical

9.8No
TurboMeeting - Boolean-based SQL Injection
CVE-2024-38289
Network Scanner
---
---No
LiteLLM - Server-Side Request Forgery
CVE-2024-6587
Network Scanner
---
---No
Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash
CVE-2024-4295
Network Scanner

Critical

9.8No
Craft CMS <=v3.7.31 - SQL Injection
CVE-2024-37843
Network Scanner

Critical

9.8No
Polyfill Supply Chain Attack Malicious Code Execution
CVE-2024-38526
Network Scanner

High

7.2No
Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal - Remote Code Execution
CVE-2024-4885
Network Scanner

Critical

9.8No
wpForo Forum <= 2.1.8 - Cross-Site Scripting
CVE-2023-2309
Network Scanner

Medium

6.1No
Temenos Transact - Cross-Site Scripting
CVE-2022-38322
Network Scanner
---
---No
Bazarr < 1.4.3 - Arbitrary File Read
CVE-2024-40348
Network Scanner
---
---No
LiveGBS user/save - Logical Flaw (CNVD-2023-72138)
CNVD-2023-72138
Network Scanner
---
---No
ShokoServer System - Local File Inclusion (LFI)
CVE-2023-43662
Network Scanner

High

8.6No
H3C ER8300G2-X - Password Disclosure
CVE-2024-32238
Network Scanner

Critical

9.8No
TOTOLINK EX1800T TOTOLINK EX1800T - Command Injection
CVE-2024-34257
Network Scanner
---
---No
EasySpider 0.6.2 - Arbitrary File Read
CVE-2024-6746
Network Scanner

Medium

4.3No
Netgear-WN604 downloadFile.php - Information Disclosure
CVE-2024-6646
Network Scanner

Medium

5.3No
Next.js - Server Side Request Forgery (SSRF)
CVE-2024-34351
Network Scanner

High

7.5No
Magento - XML External Entity Injection
CVE-2024-34102
Network Scanner

Critical

9.8Yes
BlueNet Technology Clinical Browsing System 1.2.1 - Sql Injection
CVE-2024-4257
Network Scanner

Medium

6.3No
WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure
CVE-2024-6289
Network Scanner

Medium

6.1No
XWiki - Open Redirect
CVE-2023-29204
Network Scanner

Medium

6.1No
WWBN AVideo 11.6 - Cross-Site Scripting
CVE-2023-48728
Network Scanner

Medium

6.1No