Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities that can be detected with Pentest-Tools.com and the exploits that are currently available in the platform.

We detect more than 11.140 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 131 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Displaying 1 - 25 results out of 11.140

Pentest-Tools.com Vulnerabilities
Name	CVE	Detectable with	Detection added	Severity	CVSSv3 score	Exploitable with Sniper
Cassia Gateway Firmware - Remote Code Execution	CVE-2023-31446	Network Scanner	Apr 24, 2024	High	9.8	No
OpenEMR < 7.0.1 - Cross-site Scripting	CVE-2023-2949	Network Scanner	Apr 24, 2024	Medium	6.1	No
Flowise 1.6.5 - Authentication Bypass	CVE-2024-31621	Network Scanner	Apr 24, 2024	High	---	No
OpenEMR < 7.0.1 - Cross-Site Scripting	CVE-2023-2948	Network Scanner	Apr 24, 2024	Medium	6.1	No
Academy LMS 6.2 - Cross-Site Scripting	CVE-2023-4973	Network Scanner	Apr 24, 2024	Medium	6.1	No
Progress Kemp Flowmon - Command Injection	CVE-2024-2389	Network Scanner	Apr 22, 2024	High	10	No
GlobalProtect - OS Command Injection	CVE-2024-3400	Network Scanner	Apr 17, 2024	High	10	No
AudioCodes Device Manager Express - SQL Injection	CVE-2022-24627	Network Scanner	Apr 17, 2024	High	9.8	No
LoadMaster - Remote Code Execution	CVE-2024-1212	Network Scanner	Apr 16, 2024	High	10	Yes
GoAnywhere MFT - Authentication Bypass	CVE-2024-0204	Network Scanner	Apr 16, 2024	High	9.8	Yes
OpenSSH Terrapin Attack - Detection	CVE-2023-48795	Network Scanner	Apr 16, 2024	Medium	5.9	No
ReCrystallize Server - Authentication Bypass	CVE-2024-26331	Network Scanner	Apr 13, 2024	High	---	No
Travelpayouts <= 1.1.16 - Open Redirect	CVE-2024-0337	Network Scanner	Apr 11, 2024	Medium	---	No
Popup by Supsystic < 1.10.9 - Subscriber Email Addresses Disclosure	CVE-2022-0424	Network Scanner	Apr 11, 2024	Medium	5.3	No
WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection	CVE-2024-2879	Network Scanner	Apr 10, 2024	High	9.8	No
D-Link Network Attached Storage - Command Injection and Backdoor Account	CVE-2024-3273	Network Scanner	Apr 10, 2024	High	7.3	No
Text4Shell - Remote Code Execution	CVE-2022-42889	Network Scanner	Apr 8, 2024	High	9.8	No
PHP imap - Remote Command Execution	CVE-2018-19518	Network Scanner	Apr 8, 2024	High	7.5	No
Django - SQL injection	CVE-2022-34265	Network Scanner	Apr 8, 2024	High	9.8	No
Coda v.2024Q1 - Cross-Site Scripting	CVE-2024-28734	Network Scanner	Apr 7, 2024	Medium	---	No
PostgreSQL 9.3-12.3 Authenticated Remote Code Execution	CVE-2019-9193	Network Scanner	Apr 6, 2024	High	7.2	No
QNAP QTS and QuTS Hero - OS Command Injection	CVE-2023-47218	Network Scanner	Apr 5, 2024	High	8.3	No
Telesquare TLR-2005KSH - Remote Command Execution	CVE-2024-29269	Network Scanner	Apr 5, 2024	High	9.8	No
NagiosXI <= 5.4.12 menuaccess.php - SQL injection	CVE-2018-10738	Network Scanner	Apr 4, 2024	High	7.2	No
MySQL - Authentication Bypass	CVE-2012-2122	Network Scanner	Apr 4, 2024	Medium	5.1	No