Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 15.049 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 161 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Is exploitable with Sniper

Is in CISA catalog

Detectable with

Displaying 1 - 25 results out of 14.907

Pentest-Tools.com Vulnerabilities
Name	Detectable with	Detection added	Severity	Exploitable with Sniper
NTFY Web - Exposure	Network Scanner	Apr 21, 2025	Medium	No
elFinder 2.1.58 - Remote Code Execution	Network Scanner	Apr 16, 2025	Critical	No
Firebase database detected	Network Scanner	Apr 16, 2025	Low	No
DWR detect test page	Network Scanner	Apr 16, 2025	Low	No
Elasticsearch - SQL Client	Network Scanner	Apr 16, 2025	Low	No
Gladinet CentreStack < 16.4.10315.56368 Use of Hard-coded Key Leads to Unauthenticated RCE CVE-2025-30406	Network Scanner	Apr 15, 2025	Critical(9.8)	No
LDAP Anonymous Login	Network Scanner	Apr 11, 2025	Medium	No
Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations CVE-2025-1098	Network Scanner	Apr 11, 2025	High(8.8)	No
cPanel Configuration - File Disclosure	Network Scanner	Apr 11, 2025	Medium	No
GeoVision GV-SNVR0811 - Directory Traversal	Network Scanner	Apr 11, 2025	High	No
Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-tls-match-cn` Annotation CVE-2025-1097	Network Scanner	Apr 11, 2025	High(8.8)	No
Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation CVE-2025-2075	Network Scanner	Apr 11, 2025	High(8.8)	No
Sante PACS Server.exe - Path Traversal Information Disclosure CVE-2025-2264	Network Scanner	Apr 11, 2025	High(7.5)	No
DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure	Network Scanner	Apr 11, 2025	High	No
MinIO - Incomplete Signature Validation for Unsigned-Trailer Uploads CVE-2025-31489	Network Scanner	Apr 11, 2025	High	No
Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation CVE-2025-24514	Network Scanner	Apr 11, 2025	High(8.8)	No
UNA CMS 14.0.0-RC - PHP Object Injection CVE-2025-32101	Network Scanner	Apr 11, 2025	Critical	No
Langflow AI - Unauthenticated Remote Code Execution CVE-2025-3248	Network Scanner	Apr 11, 2025	Critical(9.8)	No
Vite Development Server - Path Traversal CVE-2025-31125	Network Scanner	Apr 9, 2025	Medium(5.3)	No
WordPress Download Manager - File Password Exposure CVE-2023-6421	Network Scanner	Apr 9, 2025	Medium(5.3)	No
Delmia Apriso - Pre-Authentication Unsafe .NET Object Deserialization CVE-2024-3300	Network Scanner	Apr 9, 2025	Critical(9)	No
User Registration & Membership <= 4.1.1 - Unauthenticated Privilege Escalation CVE-2025-2563	Network Scanner	Apr 8, 2025	Critical(9.8)	No
Fortinet Authentication Bypass CVE-2024-55591	Network Scanner	Apr 8, 2025	Critical(9.8)	No
Vipshop Saturn Console <= 3.5.1 - SQL Injection via ClusterKey Component CVE-2025-29085	Network Scanner	Apr 8, 2025	Critical(9.8)	No
WordPress Download Manager < 3.2.44 - Authenticated Cross-Site Scripting CVE-2022-2168	Network Scanner	Apr 8, 2025	Medium(6.1)	No