Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 16.421 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 177 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Is exploitable with Sniper

Is in CISA catalog

Detectable with

Displaying 1 - 25 results out of 16.279

Pentest-Tools.com Vulnerabilities
Name	Detectable with	Detection added	CVSSv3	EPSS Score	EPSS Percentile	Exploitable with Sniper
Western Digital My Cloud Multiple Products Man in the middle Vulnerability (WDC-25009) CVE-2025-26465	Network Scanner	Jan 21, 2026	Medium(6.8)	0.65	0.99	No
CMP WordPress < 4.0.19 - Broken Access Control CVE-2022-0188	Network Scanner	Jan 19, 2026	Medium(5.3)	0.18	0.95	No
Flask Debug Toolbar - Exposure	Network Scanner	Jan 19, 2026	Medium	N/A	N/A	No
Ocean Extra <= 2.4.6 - Unauthenticated Shortcode Execution CVE-2025-3472	Network Scanner	Jan 19, 2026	Medium(6.5)	0.18	0.95	No
Jakefile Build Configuration - Disclosure	Network Scanner	Jan 19, 2026	Medium	N/A	N/A	No
Ektron CMS Blogs xmlrpc.aspx - XML External Entity Injection	Network Scanner	Jan 19, 2026	High	N/A	N/A	No
Kanboard - SQLite Database Exposure	Network Scanner	Jan 19, 2026	High	N/A	N/A	No
Dot Credentials - Exposure	Network Scanner	Jan 18, 2026	High	N/A	N/A	No
PEAR Registry Files Exposed	Network Scanner	Jan 18, 2026	Low	N/A	N/A	No
Drupal - Source Code Disclosure	Network Scanner	Jan 18, 2026	Medium	N/A	N/A	No
Modular DS - Broken Access Control CVE-2026-23550	Network Scanner	Jan 16, 2026	High(10)	0.07	0.91	No
Administrate Dashboard Exposure	Network Scanner	Jan 16, 2026	High	N/A	N/A	No
Zipkin Configuration - Exposure	Network Scanner	Jan 16, 2026	Low	N/A	N/A	No
JHipster Platform - Default Login	Network Scanner	Jan 16, 2026	High	N/A	N/A	No
WordPress Data Source for Contact Form 7 - Full Path Disclosure	Network Scanner	Jan 16, 2026	Low	N/A	N/A	No
XWiki DeleteApplication - Cross-Site Scripting CVE-2025-66472	Network Scanner	Jan 16, 2026	Medium(6.1)	0.02	0.81	No
Firebase Cloud Messaging - Server Key Disclosure	Network Scanner	Jan 16, 2026	Medium	N/A	N/A	No
Eveo URVE Web Manager - Server-Side Request Forgery CVE-2025-36845	Network Scanner	Jan 16, 2026	High(8.6)	0.05	0.9	No
eXist-DB Dashboard Access	Network Scanner	Jan 16, 2026	High	N/A	N/A	No
WordPress a3 Lazy Load - Full Path Disclosure	Network Scanner	Jan 16, 2026	Low	N/A	N/A	No
ASP.NET Launch Settings - Exposure	Network Scanner	Jan 16, 2026	Medium	N/A	N/A	No
AWS CodeBuild Build Spec - Exposure	Network Scanner	Jan 16, 2026	Low	N/A	N/A	No
Shopware < 5.5.8 - Cross-Site Scripting CVE-2019-12935	Network Scanner	Jan 16, 2026	High(7.4)	0.04	0.88	No
CakePHP - Debug Kit Toolbar Exposure	Network Scanner	Jan 16, 2026	Medium	N/A	N/A	No
WordPress Gravity Forms - Log File Disclosure	Network Scanner	Jan 16, 2026	Low	N/A	N/A	No

Vulnerability & Exploit Database

One of EMEA's fastest-growing tech companies.

50,000+ security folks are here. Are you?

More than demos - real faces, real insight.

Security leaders trust what they can prove