Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 17.078 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 190 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Is exploitable with Sniper

Is in CISA catalog

Detectable with

Displaying 1 - 25 results out of 16.936

Pentest-Tools.com Vulnerabilities
Name	Detectable with	Detection added	CVSSv3	EPSS Score	EPSS Percentile	Exploitable with Sniper
UniFi OS Server - Command Injection CVE-2026-34910	Network Scanner	Jun 9, 2026	Critical(10)	0.01	0.28	No
Dozzle - Server Side Request Forgery CVE-2026-45298	Network Scanner	Jun 9, 2026	High(8.6)	0.01	0.08	No
changedetection.io <= 0.52.9 - Unauthenticated Path Traversal CVE-2026-25527	Network Scanner	Jun 9, 2026	Medium(5.3)	0.02	0.82	No
WordPress ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection CVE-2026-5073	Network Scanner	Jun 9, 2026	High(7.5)	0.01	0.25	No
dotCMS Core Publish Audit API - Unauthenticated SQL Injection CVE-2026-8054	Network Scanner	Jun 9, 2026	Critical	0.01	0.65	No
Milvus - Unauthenticated Metrics API Access CVE-2026-26190	Network Scanner	Jun 8, 2026	Critical(9.8)	0.16	0.95	No
PrestaShop lgcookieslaw - SQL Injection CVE-2022-44727	Network Scanner	Jun 8, 2026	Critical(9.8)	0.21	0.96	No
phpBB - Authentication bypass CVE-2026-000000	Network Scanner	Jun 8, 2026	Critical(9.4)	N/A	N/A	No
MLflow < 3.10.0 - Authentication Bypass on FastAPI Routes CVE-2026-2652	Network Scanner	Jun 5, 2026	High(8.6)	0.02	0.81	No
Starlette - Improper Validation of Unsafe Equivalence in Input CVE-2026-48710	Network Scanner	Jun 5, 2026	Medium(6.5)	0.01	0.58	No
Open WebUI 'LDAP Empty Password' - Authentication Bypass CVE-2026-44551	Network Scanner	Jun 5, 2026	Critical(9.1)	0.03	0.87	No
Label Studio < 1.18.0 - Reflected XSS CVE-2025-47783	Network Scanner	Jun 4, 2026	Medium(6.1)	0.01	0.77	No
Scramble Laravel - Remote Code Execution CVE-2026-44262	Network Scanner	Jun 3, 2026	Critical(9.4)	0.09	0.93	No
Bitrix Site Management 2.x - Open Redirect CVE-2008-2052	Network Scanner	Jun 3, 2026	Medium(6.1)	0.02	0.8	No
DataEase < 2.10.10 - JWT Authentication Bypass CVE-2025-49001	Network Scanner	Jun 3, 2026	Critical(9.8)	0.08	0.92	No
Windmill/Nextcloud Flow < 1.603.3 - Unauthenticated Path Traversal CVE-2026-29059	Network Scanner	Jun 3, 2026	Critical(10)	0.24	0.97	No
E-Learning System 1.0 - SQL Injection CVE-2021-3239	Network Scanner	Jun 3, 2026	Critical(9.8)	0.63	0.99	No
BrightSign Digital Signage 8.2.26 - Server-Side Request Forgery CVE-2020-36884	Network Scanner	Jun 3, 2026	Medium	0.05	0.9	No
LiteLLM - Command Injection CVE-2026-42271	Network Scanner	Jun 3, 2026	Critical(9.8)	0.61	0.99	No
Open WebUI < 0.9.5 - Information Disclosure CVE-2026-45397	Network Scanner	Jun 3, 2026	Medium(5.3)	0.02	0.79	No
YesWiki - Cross-Site Scripting	Network Scanner	Jun 3, 2026	High	N/A	N/A	No
WordPress Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Remote Code Execution CVE-2025-13773	Network Scanner	Jun 3, 2026	Critical(9.8)	0.09	0.93	No
Palo Alto Networks PAN-OS - Authentication Bypass CVE-2026-0257	Network Scanner	Jun 2, 2026	Critical(9.1)	0.59	0.99	No
JoomSport <= 5.7.7 - SQL Injection CVE-2026-42647	Network Scanner	Jun 1, 2026	Critical(9.3)	N/A	N/A	No
WordPress FluentCRM <= 2.9.87 - Unauthenticated Blind SSRF CVE-2026-7798	Network Scanner	Jun 1, 2026	Medium(5.4)	0.01	0.76	No

Vulnerability & Exploit Database

One of EMEA's fastest-growing tech companies

Independently audited company-wide ISMS

50,000+ security folks are here. Are you?

Security leaders trust what they can prove