Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 17.109 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 190 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Is exploitable with Sniper

Is in CISA catalog

Detectable with

Displaying 1 - 25 results out of 16.967

Pentest-Tools.com Vulnerabilities
Name	Detectable with	Detection added	CVSSv3	EPSS Score	EPSS Percentile	Exploitable with Sniper
mcp-atlassian < 0.17.0 - Server-Side Request Forgery CVE-2026-27826	Network Scanner	Jun 18, 2026	High(8.2)	0.02	0.65	No
OpenCATS - Command Injection CVE-2026-27760	Network Scanner	Jun 18, 2026	High(8.1)	0.02	0.76	No
DokuWiki <= 2025-05-14a Librarian - Reflected Cross-Site Scripting CVE-2025-61224	Network Scanner	Jun 17, 2026	Medium(6.1)	0.02	0.59	No
SiYuan Note <= 3.6.5 - Authentication Bypass CVE-2026-54069	Network Scanner	Jun 17, 2026	Critical(9.1)	0.01	0.03	No
Campaign Monitor for WordPress - Information Disclosure CVE-2024-6569	Network Scanner	Jun 17, 2026	Medium(5.3)	0.01	0.54	No
OpenBullet2 <= 0.3.2 - Authentication Bypass CVE-2026-25555	Network Scanner	Jun 17, 2026	Critical(9.8)	0.03	0.85	No
Check Point IKEv1 Remote-Access VPN - Certificate Authentication Bypass CVE-2026-50751	Network Scanner	Jun 17, 2026	Critical(10)	0.42	0.99	No
UpdraftPlus WP Backup & Migration Plugin - Authentication Bypass CVE-2026-10795	Network Scanner	Jun 16, 2026	High(8.1)	0.02	0.66	No
Splunk Enterprise & Cloud Platform - Unrestricted File Upload CVE-2026-20253	Network Scanner	Jun 15, 2026	Critical(9.8)	0.02	0.75	No
Piwigo < 16.3.0 - Unauthenticated Information Disclosure via History API CVE-2026-27833	Network Scanner	Jun 15, 2026	High(7.5)	0.02	0.66	No
Lyrion Music Server <= 9.2.0 - Cross-Site Scripting CVE-2026-50230	Network Scanner	Jun 15, 2026	Medium(6.1)	0.01	0.25	No
DbGate - Remote Code Execution via Dynamic Import Bypass CVE-2026-47670	Network Scanner	Jun 15, 2026	Critical(9.4)	0.01	0.53	No
W3 Total Cache < 2.8.2 - Log File Exposure CVE-2024-12008	Network Scanner	Jun 14, 2026	Medium(5.3)	0.03	0.79	No
Joomla! JCE extension < 2.9.99.5 unauthenticated RCE CVE-2026-48907	Network Scanner	Jun 14, 2026	Critical(10)	0.07	0.94	No
WordPress MapPress Maps <= 2.96.6 - Unauthenticated IDOR CVE-2026-8839	Network Scanner	Jun 11, 2026	Medium(5.3)	0.01	0.53	No
Budibase - Admin Installer	Network Scanner	Jun 11, 2026	High	N/A	N/A	No
PraisonAI - Authentication Bypass CVE-2026-44338	Network Scanner	Jun 11, 2026	High(7.3)	0.2	0.97	No
WordPress Product Slider Pro for WooCommerce < 3.5.4 - Supply Chain Backdoor RCE CVE-2026-49777	Network Scanner	Jun 11, 2026	Critical(10)	0.02	0.66	No
Hippoo Mobile App for WooCommerce <= 1.9.4 - Authentication Bypass to Admin Account Takeover CVE-2026-10580	Network Scanner	Jun 11, 2026	Critical(9.8)	0.02	0.76	No
phpMyFAQ <= 4.1.1 - SQL Injection CVE-2026-46364	Network Scanner	Jun 11, 2026	Critical(9.8)	0.02	0.67	No
SiYuan <= v3.6.1 - Path Traversal CVE-2026-33476	Network Scanner	Jun 11, 2026	High(7.5)	0.04	0.88	No
WP User Manager – User Profile Builder & Membership - Local File Inclusion CVE-2026-9290	Network Scanner	Jun 11, 2026	High(7.5)	0.02	0.77	No
MuleSoft DataWeave Interactive Learning Environment - Unauthenticated Access	Network Scanner	Jun 11, 2026	High	N/A	N/A	No
Dgraph <= 25.3.2 - Admin Token Disclosure CVE-2026-41492	Network Scanner	Jun 11, 2026	Critical(9.8)	0.02	0.77	No
Everest Forms Pro <= 1.9.12 - Unauthenticated RCE via Calculation Formula Injection CVE-2026-3300	Network Scanner	Jun 11, 2026	Critical(9.8)	0.05	0.91	No

Vulnerability & Exploit Database

One of EMEA's fastest-growing tech companies

Independently audited company-wide ISMS

50,000+ security folks are here. Are you?

Security leaders trust what they can prove