Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 15.043 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 161 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Displaying 1 - 25 results out of 15.043

Pentest-Tools.com Vulnerabilities
Name	Detectable with	Detection added	Severity	Exploitable with Sniper
Langflow AI - Unauthenticated Remote Code Execution CVE-2025-3248	Network Scanner	Apr 11, 2025	Critical(9.8)	No
Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation CVE-2025-2075	Network Scanner	Apr 11, 2025	High(8.8)	No
Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-tls-match-cn` Annotation CVE-2025-1097	Network Scanner	Apr 11, 2025	High(8.8)	No
Sante PACS Server.exe - Path Traversal Information Disclosure CVE-2025-2264	Network Scanner	Apr 11, 2025	High(7.5)	No
MinIO - Incomplete Signature Validation for Unsigned-Trailer Uploads CVE-2025-31489	Network Scanner	Apr 11, 2025	High	No
Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations CVE-2025-1098	Network Scanner	Apr 11, 2025	High(8.8)	No
LDAP Anonymous Login	Network Scanner	Apr 11, 2025	Medium	No
cPanel Configuration - File Disclosure	Network Scanner	Apr 11, 2025	Medium	No
UNA CMS 14.0.0-RC - PHP Object Injection CVE-2025-32101	Network Scanner	Apr 11, 2025	Critical	No
DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure	Network Scanner	Apr 11, 2025	High	No
GeoVision GV-SNVR0811 - Directory Traversal	Network Scanner	Apr 11, 2025	High	No
Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation CVE-2025-24514	Network Scanner	Apr 11, 2025	High(8.8)	No
Vite Development Server - Path Traversal CVE-2025-31125	Network Scanner	Apr 9, 2025	Medium(5.3)	No
WordPress Download Manager - File Password Exposure CVE-2023-6421	Network Scanner	Apr 9, 2025	Medium(5.3)	No
Delmia Apriso - Pre-Authentication Unsafe .NET Object Deserialization CVE-2024-3300	Network Scanner	Apr 9, 2025	Critical(9)	No
Fortinet Authentication Bypass CVE-2024-55591	Network Scanner	Apr 8, 2025	Critical(9.8)	No
WordPress Download Manager < 3.2.44 - Authenticated Cross-Site Scripting CVE-2022-2168	Network Scanner	Apr 8, 2025	Medium(6.1)	No
User Registration & Membership <= 4.1.1 - Unauthenticated Privilege Escalation CVE-2025-2563	Network Scanner	Apr 8, 2025	Critical(9.8)	No
Vipshop Saturn Console <= 3.5.1 - SQL Injection via ClusterKey Component CVE-2025-29085	Network Scanner	Apr 8, 2025	Critical(9.8)	No
Response Header Injection	Website Scanner	Apr 7, 2025	High	No
FastCGI Configuration - File Disclosure	Network Scanner	Apr 5, 2025	Medium	No
WordPress Download Manager < 3.3.07 - Unauthenticated Data Exposure CVE-2024-13126	Network Scanner	Apr 5, 2025	Medium(5.3)	No
System Dashboard < 2.8.10 - Cross-Site Scripting CVE-2023-7246	Network Scanner	Apr 5, 2025	Medium(5.4)	No
Shield Security Plugin < 20.0.6 - Cross-Site Scripting CVE-2024-7313	Network Scanner	Apr 5, 2025	Medium(6.1)	No
Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File CVE-2024-10486	Network Scanner	Apr 5, 2025	Medium(5.3)	No