Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities that can be detected with Pentest-Tools.com and the exploits that are currently available in the platform.

We detect more than 15,000 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 114 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Pentest-Tools.com Vulnerabilities

VMware Aria Operations for Networks - Remote Code Execution	CVE-2023-34039	Network Scanner	Sep 2023	Sep 2023	Critical	9.8	Yes
Citrix ADC Gateway - Authentication Bypass	CVE-2022-27510	Network Scanner	Sep 2023	Sep 2023	Critical	9.8	No
Cloudpanel - Remote Code Execution	CVE-2023-35885	Network Scanner	Sep 2023	Sep 2023	Critical	9.8	Yes
Citrix ADC Gateway - Remote Code Execution	CVE-2022-27518	Network Scanner	Sep 2023	Sep 2023	Critical	9.8	No
Adobe ColdFusion - Remote Code Execution	CVE-2023-29300	Network Scanner	Sep 2023	Sep 2023	Critical	9.8	Yes
WAGO - Remote Code Execution	CVE-2023-1698	Network Scanner	Sep 2023	Sep 2023	Critical	9.8	Yes
OpenTSDB - Remote Code Execution	CVE-2023-25826	Network Scanner	Aug 2023	Aug 2023	Critical	9.8	Yes
Metabase - Remote Code Execution	CVE-2023-38646	Network Scanner	Aug 2023	Aug 2023	Critical	9.8	Yes
Citrix ADC Gateway - Remote Code Execution	CVE-2023-3519	Network Scanner	Aug 2023	Aug 2023	Critical	9.8	Yes
Chamilo - Remote Code Execution	CVE-2023-34960	Network Scanner	Aug 2023	Aug 2023	Critical	9.8	Yes
Ivanti Endpoint Manager Mobile (EPMM) - Unauthenticated API Access	CVE-2023-35078	Network Scanner	Aug 2023	Aug 2023	Critical	10	Yes
Apache RocketMQ - Remote Code Execution	CVE-2023-33246	Network Scanner	Aug 2023	Aug 2023	Critical	9.8	Yes
Nuxt Framework - Remote Code Execution	CVE-2023-3224	Network Scanner	Jul 2023	Jul 2023	Critical	9.8	Yes
TerraMaster RCE	CVE-2022-24990	Network Scanner	Jul 2023	Jul 2023	High	7.5	Yes
Gitlab - Arbitrary File Read	CVE-2023-2825	Network Scanner	Jul 2023	Jul 2023	High	7.5	Yes
Moveit Transfer - SQLi	CVE-2023-34362	Network Scanner	Jun 2023	Jun 2023	Critical	9.8	No
PaperCut - Unauthenticated Remote Code Execution	CVE-2023-27350	Network Scanner	May 2023	May 2023	Critical	9.8	Yes
Oracle E-Business Suite - Remote Code Execution	CVE-2022-21587	Network Scanner	May 2023	May 2023	Critical	9.8	Yes
Sophos Web Appliance - Remote Code Execution	CVE-2023-1671	Network Scanner	May 2023	May 2023	Critical	9.8	Yes
vBulletin - Remote Code Execution	CVE-2023-25135	Network Scanner	May 2023	May 2023	Critical	9.8	Yes
Microsoft MSMQ - Remote Code Execution	CVE-2023-21554	Network Scanner	May 2023	May 2023	Critical	9.8	No
Oracle WebLogic - Remote Code Execution	CVE-2020-2555	Network Scanner	May 2023	May 2023	Critical	9.8	Yes
Liferay Portal - Remote Code Execution	CVE-2020-7961	Network Scanner	May 2023	May 2023	Critical	9.8	Yes
Oracle WebLogic - Remote Code Execution	CVE-2020-2883	Network Scanner	May 2023	May 2023	Critical	9.8	Yes
Minio - Information Disclosure	CVE-2023-28432	Network Scanner	Apr 2023	Apr 2023	High	7.5	Yes
Zimbra - Remote Code Execution	CVE-2022-41352	Network Scanner	Apr 2023	Apr 2023	Critical	9.8	Yes
Oracle WebLogic - Remote Code Execution	CVE-2023-21839	Network Scanner	Apr 2023	Apr 2023	High	7.5	Yes
Jira - Remote Code Execution	CVE-2019-11581	Network Scanner	May 2022	Mar 2023	Critical	9.8	Yes
Joomla - Improper Access Execution	CVE-2023-23752	Network Scanner	Mar 2023	Mar 2023	Medium	5.3	Yes
Apache Commons - Remote Code Execution	CVE-2022-42889	Network Scanner	Mar 2023	Mar 2023	Critical	9.8	Yes
Fortinet FortiNAC - Remote Code Execution	CVE-2022-39952	Network Scanner	Mar 2023	Mar 2023	Critical	9.8	No
Cacti - Remote Code Execution	CVE-2022-46169	Network Scanner	Feb 2023	Feb 2023	Critical	9.8	Yes
GoAnywhere MFT - Remote Code Execution	CVE-2023-0669	Network Scanner	Feb 2023	Feb 2023	High	7.2	Yes
CentOS Web Panel - Remote Code Execution	CVE-2022-44877	Network Scanner	Feb 2023	Feb 2023	Critical	9.8	Yes
ManageEngine - Remote Code Execution	CVE-2022-47966	Network Scanner	Feb 2023	Feb 2023	Critical	9.8	Yes
GLPI - Remote Code Execution	CVE-2022-35914	Network Scanner	Jan 2023	Jan 2023	Critical	9.8	Yes
Webmin - Remote Code Execution	CVE-2019-15107	Network Scanner	Jan 2023	Jan 2023	Critical	9.8	Yes
Cisco Small Business RV Series - Remote Code Execution	CVE-2021-1472	Network Scanner	Jan 2023	Jan 2023	Critical	9.8	Yes
Cisco Small Business RV Series - Information Disclosure	CVE-2019-1653	Network Scanner	Dec 2022	Dec 2022	High	7.5	Yes
Apache APISIX - Remote Code Execution	CVE-2022-24112	Network Scanner	Dec 2022	Dec 2022	Critical	9.8	Yes
pfSense pfBlocker-NG - Remote Code Execution	CVE-2022-31814	Network Scanner	Dec 2022	Dec 2022	Critical	9.8	Yes
Node.js - Remote Code Execution	CVE-2022-29078	Network Scanner	Nov 2022	Nov 2022	Critical	9.8	Yes
WordPress - Server Side Request Forgery	CVE-2022-1386	Network Scanner	Nov 2022	Nov 2022	Critical	9.8	Yes
FortiOS, FortiProxy and FortiSwitchManager - Authentication Bypass	CVE-2022-40684	Network Scanner	Oct 2022	Oct 2022	Critical	9.6	Yes
Microsoft Exchange - Remote Code Execution (ProxyNotShell - CVE-2022-41040, CVE-2022-41082)	CVE-2022-41040 CVE-2022-41082	Network Scanner	Oct 2022	Oct 2022	High	8.8	No
Bitbucket Server & Data Center - Remote Code Execution	CVE-2022-36804	Network Scanner	Oct 2022	Oct 2022	High	8.8	Yes
ManageEngine Password Manager Pro & PAM360 - Remote Code Execution	CVE-2022-35405	Network Scanner	Sep 2022	Sep 2022	Critical	9.8	Yes
Jenkins - Remote Code Execution (CVE-2018-1000861, CVE-2019-1003005, CVE-2019-1003029)	CVE-2018-1000861 CVE-2019-1003005 CVE-2019-1003029	Network Scanner	Sep 2022	Sep 2022	Critical	9.9	Yes
Gitlab CE/EE - Remote Code Execution	CVE-2022-2884	Network Scanner	Sep 2022	Sep 2022	Critical	9.9	No
Django - SQL Injection	CVE-2022-34265	Network Scanner	Aug 2022	Aug 2022	Critical	9.8	No
Apache - Memory Corruption	CVE-2020-9490	Network Scanner	Aug 2022	Aug 2022	High	7.5	No
Jira - Arbitrary File Read	CVE-2020-29453	Network Scanner	Aug 2022	Aug 2022	Medium	5.3	Yes
Zimbra ZCS - Remote Code Execution (CVE-2022-27925,CVE-2022-37042)	CVE-2022-27925 CVE-2022-37042	Network Scanner	Aug 2022	Aug 2022	Critical	9.8	Yes
Jira - Arbitrary File Read	CVE-2021-26086	Network Scanner	Aug 2022	Aug 2022	Medium	5.3	Yes
VMware Workspace One - Arbitrary File Read	CVE-2022-31656	Network Scanner	Aug 2022	Aug 2022	Critical	9.8	Yes
BlueKeep - Remote Code Execution	CVE-2019-0708	Network Scanner	Aug 2022	Aug 2022	Critical	9.8	No
Jira - Arbitrary File Read	CVE-2019-8442	Network Scanner	Aug 2022	Aug 2022	High	7.5	Yes
Jira - Information Disclosure	CVE-2020-14179	Network Scanner	Aug 2022	Aug 2022	Medium	5.3	Yes
Atlassian Confluence - Arbitrary File Read	CVE-2021-26085	Network Scanner	Aug 2022	Aug 2022	Medium	5.3	Yes
Drupal - Remote Code Execution	CVE-2018-7600	Network Scanner	May 2022	Aug 2022	Critical	9.8	Yes
Kibana - Remote Code Execution	CVE-2019-7609	Network Scanner	Jul 2022	Jul 2022	Critical	10	Yes
Microsoft SharePoint - Remote Code Execution	CVE-2019-0604	Network Scanner	Jul 2022	Jul 2022	Critical	9.8	Yes
Spring - Remote Code Execution	CVE-2022-22980	Network Scanner	Jul 2022	Jul 2022	Critical	9.8	No
Atlassian Crowd - Remote Code Execution	CVE-2019-11580	Network Scanner	Jul 2022	Jul 2022	Critical	9.8	Yes
Atlassian Confluence - Remote Code Execution	CVE-2021-26084	Network Scanner	Sep 2021	Jul 2022	Critical	9.8	Yes
Pulse Secure - Local File Inclusion	CVE-2019-11510	Network Scanner	Sep 2021	Jul 2022	Critical	10	Yes
Drupal Core - Remote Code Execution	CVE-2019-6340	Network Scanner	Jul 2022	Jul 2022	High	8.1	Yes
F5 BIG-IP - Remote Code Execution	CVE-2022-1388	Network Scanner	May 2022	Jun 2022	Critical	9.8	Yes
Atlassian Confluence - Remote Code Execution	CVE-2022-26134	Network Scanner	Jun 2022	Jun 2022	Critical	9.8	Yes
ZyXEL Firewall - Unauthenticated Remote Command Injection	CVE-2022-30525	Network Scanner	Jun 2022	Jun 2022	Critical	9.8	Yes
Gitlab CE/EE - Remote Code Execution	CVE-2021-22205	Network Scanner	Nov 2021	Jun 2022	Critical	10	Yes
Zabbix - Authentication Bypass and Remote Code Execution	CVE-2022-23131	Network Scanner	Mar 2022	Jun 2022	Critical	9.8	Yes
DotCMS - Remote Code Execution	CVE-2022-26352	Network Scanner	Jun 2022	Jun 2022	Critical	9.8	Yes
Jira - Authentication Bypass	CVE-2022-0540	Network Scanner	May 2022	May 2022	Critical	9.8	No
F5 BIG-IP - Remote Code Execution	CVE-2020-5902	Network Scanner	Aug 2021	May 2022	Critical	9.8	Yes
F5 BIG-IP - Remote Code Execution	CVE-2021-22986	Network Scanner	Dec 2021	May 2022	Critical	9.8	Yes
Spring Core - Remote Code Execution (Spring4Shell - CVE-2022-22965)	CVE-2022-22965	Network Scanner	Apr 2022	May 2022	Critical	9.8	Yes
Grafana - Arbitrary File Read	CVE-2021-43798	Network Scanner	Jan 2022	May 2022	High	7.5	Yes
Oracle WebLogic - Local File Inclusion	CVE-2022-21371	Network Scanner	May 2022	May 2022	High	7.5	No
Apache Struts - Remote Code Execution	CVE-2020-17530	Network Scanner	Sep 2021	May 2022	Critical	9.8	Yes
VMware Workspace One - Remote Code Execution	CVE-2022-22954	Network Scanner	May 2022	May 2022	Critical	9.8	Yes
ManageEngine - Remote Code Execution	CVE-2021-44077	Network Scanner	May 2022	May 2022	Critical	9.8	Yes
Redis - Remote Code Execution	CVE-2022-0543	Network Scanner	May 2022	May 2022	Critical	10	Yes
Magento - Remote Code Execution	CVE-2022-24086	Network Scanner	Mar 2022	May 2022	Critical	9.8	Yes
WSO2 - Unrestricted File Upload and Remote Code Execution	CVE-2022-29464	Network Scanner	May 2022	May 2022	Critical	9.8	Yes
Apache Struts - Remote Code Execution	CVE-2021-31805	Network Scanner	May 2022	May 2022	Critical	9.8	Yes
Adobe Coldfusion - Remote Code Execution	CVE-2018-15961	Network Scanner	May 2022	May 2022	Critical	9.8	Yes
Microsoft Exchange - Remote Code Execution (ProxyLogon - CVE-2021-26855, CVE-2021-27065)	CVE-2021-26855 CVE-2021-27065	Network Scanner	May 2021	Apr 2022	Critical	9.8	Yes
Microsoft Exchange - ProxyLogon Backdoor Webshells (CVE-2021-26855, CVE-2021-27065)	CVE-2021-26855 CVE-2021-27065	Network Scanner	Mar 2021	Apr 2022	Critical	9.8	No
Spring Cloud Function - Remote Code Execution	CVE-2022-22963	Network Scanner	Apr 2022	Apr 2022	Critical	9.8	Yes
Spring Cloud Gateway - Remote Code Execution	CVE-2022-22947	Network Scanner	Mar 2022	Mar 2022	Critical	10	Yes
VMware vCenter - Remote Code Execution	CVE-2021-21985	Network Scanner	Sep 2021	Mar 2022	Critical	9.8	Yes
ManageEngine Desktop Central - Authentication Bypass and Remote Code Execution	CVE-2021-44515	Network Scanner	Mar 2022	Mar 2022	Critical	9.8	Yes
Microsoft EternalBlue - Remote Code Execution (MS17-010 - CVE-2017-0144)	CVE-2017-0144	Network Scanner	Mar 2022	Mar 2022	High	8.1	Yes
Apache Tomcat - Remote Code Execution (Log4Shell - CVE-2021-44228)	CVE-2021-44228	Network Scanner	Dec 2021	Mar 2022	Critical	10	Yes
Log4j - Remote Code Execution (Log4Shell - CVE-2021-44228)	CVE-2021-44228	Network Scanner	Dec 2021	Mar 2022	Critical	10	Yes
Log4j - Remote Code Execution (Log4Shell - CVE-2021-45046)	CVE-2021-45046	Network Scanner	Mar 2022	Mar 2022	Critical	9	No
Apache Struts - Remote Code Execution	CVE-2017-12611	Network Scanner	Mar 2022	Mar 2022	Critical	9.8	Yes
Apache Solr - Remote Code Execution (Log4Shell - CVE-2021-44228)	CVE-2021-44228	Network Scanner	Dec 2021	Mar 2022	Critical	10	No
MobileIron - Remote Code Execution (Log4Shell - CVE-2021-44228)	CVE-2021-44228	Network Scanner	Dec 2021	Mar 2022	Critical	10	No
Apache Flink - Remote Code Execution (Log4Shell - CVE-2021-44228)	CVE-2021-44228	Network Scanner	Dec 2021	Mar 2022	Critical	10	No
Apache Struts - Remote Code Execution (Log4Shell - CVE-2021-44228)	CVE-2021-44228	Network Scanner	Dec 2021	Mar 2022	Critical	10	Yes
VMware vCenter - Remote Code Execution (Log4Shell - CVE-2021-44228)	CVE-2021-44228	Network Scanner	Dec 2021	Feb 2022	Critical	10	No
Apache Druid - Remote Code Execution (Log4Shell - CVE-2021-44228)	CVE-2021-44228	Network Scanner	Dec 2021	Feb 2022	Critical	10	No
ManageEngine ADSelfService Plus - Remote Code Execution	CVE-2021-40539	Network Scanner	Oct 2021	Feb 2022	Critical	9.8	Yes
Oracle Weblogic - Remote Code Execution	CVE-2018-2894	Network Scanner	Feb 2022	Feb 2022	Critical	9.8	Yes
Apache Struts 2 - Remote Code Execution	CVE-2018-11776	Network Scanner	Feb 2022	Feb 2022	High	8.1	Yes
Oracle Weblogic - Path Traversal	CVE-2020-14882	Network Scanner	Feb 2022	Feb 2022	Critical	9.8	No
Oracle Weblogic - Remote Command Execution	CVE-2020-14883	Network Scanner	Feb 2022	Feb 2022	High	7.2	Yes
Log4j 1.x - Remote Code Execution	CVE-2019-17571	Network Scanner	Jan 2022	Jan 2022	Critical	9.8	Yes
Elasticsearch - Remote Code Execution (Log4Shell - CVE-2021-44228)	CVE-2021-44228	Network Scanner	Dec 2021	Jan 2022	Critical	10	No
Netgear - Admin Credentials Disclosure & Remote Code Execution (CVE-2020-17409, CVE-2020-27866)	CVE-2020-17409 CVE-2020-27866	Network Scanner	Jan 2022	Jan 2022	High	8.8	Yes
Apache MOD Proxy - Server Side Request Forgery	CVE-2021-40438	Network Scanner	Jan 2022	Jan 2022	Critical	9	No
Apache OFBiz - Remote Code Execution	CVE-2021-26295	Network Scanner	Feb 2021	Dec 2021	Critical	9.8	Yes
Node.js Systeminformation - Command Injection	CVE-2021-21315	Network Scanner	May 2021	Dec 2021	High	7.8	Yes
Sophos SG UTM - Remote Code Execution	CVE-2020-25223	Network Scanner	Sep 2021	Dec 2021	Critical	9.8	Yes
Apache Struts - Remote Code Execution	CVE-2017-9791	Network Scanner	Dec 2021	Dec 2021	Critical	9.8	Yes
Apache Struts 2 - Remote Code Execution	CVE-2019-0230	Network Scanner	Dec 2021	Dec 2021	Critical	9.8	Yes
Apache Tomcat - Remote Code Execution	CVE-2017-12617	Network Scanner	Dec 2021	Dec 2021	High	8.1	Yes
Exim - Remote Code Execution	CVE-2019-10149	Network Scanner	Dec 2021	Dec 2021	Critical	9.8	Yes
Laravel - Remote Code Execution	CVE-2021-3129	Network Scanner	Dec 2021	Dec 2021	Critical	9.8	Yes
Apache Tomcat Server - Local File Inclusion	CVE-2020-1938	Network Scanner	Nov 2021	Nov 2021	Critical	9.8	Yes
Citrix ADC - Directory Traversal/Remote Code Execution	CVE-2019-19781	Network Scanner	Nov 2021	Nov 2021	Critical	9.8	Yes
Micro Focus OBM - Authentication Bypass	CVE-2020-11853	Network Scanner	Nov 2021	Nov 2021	High	8.8	No
Visual Tools DVR - Remote Code Execution	CVE-2021-42071	Network Scanner	Nov 2021	Nov 2021	Critical	9.8	Yes
Apache Server - Remote Code Execution (Shellshock - CVE-2014-6271)	CVE-2014-6271	Network Scanner	Nov 2021	Nov 2021	Critical	9.8	Yes
Node-Red - Local File Inclusion	CVE-2021-3223	Network Scanner	Oct 2021	Oct 2021	High	7.5	Yes
Microsoft Exchange - Reflected Cross-Site Scripting (ProxyOracle - CVE-2021-31195)	CVE-2021-31195	Network Scanner	Sep 2021	Oct 2021	High	8.8	No
Cisco ASA VPN/FTD - Arbitrary File Read	CVE-2020-3452	Network Scanner	Oct 2021	Oct 2021	High	7.5	Yes
Apache Server - Arbitrary File Read	CVE-2021-41773	Network Scanner	Oct 2021	Oct 2021	High	7.5	Yes
Apache Server - Remote Code Execution	CVE-2021-41773	Network Scanner	Oct 2021	Oct 2021	High	7.5	Yes
Apache Server - Arbitrary File Read	CVE-2021-42013	Network Scanner	Oct 2021	Oct 2021	Critical	9.8	Yes
Apache Server - Remote Code Execution	CVE-2021-42013	Network Scanner	Oct 2021	Oct 2021	Critical	9.8	Yes
FortiOS SSL VPN - Arbitrary File Read	CVE-2018-13379	Network Scanner	Aug 2021	Sep 2021	Critical	9.8	Yes
Azure OMI - Remote Code Execution (OMIGOD - CVE-2021-38647)	CVE-2021-38647	Network Scanner	Sep 2021	Sep 2021	Critical	9.8	Yes
Microsoft Exchange - Remote Code Execution (ProxyShell - CVE-2021-34473, CVE-2021-34523, CVE-2021-31207)	CVE-2021-34473 CVE-2021-34523 CVE-2021-31207	Network Scanner	Sep 2021	Sep 2021	Critical	9.8	Yes
VMware vCenter - Remote Code Execution	CVE-2021-21972	Network Scanner	Apr 2021	Sep 2021	Critical	9.8	Yes
Citrix ADC - Reflected Code Injection	CVE-2020-8194	Network Scanner	Sep 2021	Sep 2021	Medium	6.5	Yes
Citrix ADC - Arbitrary File Read (CVE-2020-8193, CVE-2020-8195, CVE-2020-8196)	CVE-2020-8193 CVE-2020-8195 CVE-2020-8196	Network Scanner	Sep 2021	Sep 2021	Medium	6.5	Yes
Microsoft Exchange - Remote Code Execution (ProxyNotFound - CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483)	CVE-2021-28480 CVE-2021-28481 CVE-2021-28482 CVE-2021-28483	Network Scanner	May 2021	May 2021	Critical	9.8	No