Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 16.245 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 177 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Is exploitable with Sniper

Is in CISA catalog

Detectable with

Displaying 1 - 25 results out of 852

Pentest-Tools.com Vulnerabilities
Name	Detectable with	Detection added	CVSSv3	EPSS Score	EPSS Percentile	Exploitable with Sniper
ThinkPHP < 3.2.4 - Remote Code Execution CVE-2019-9082	Network Scanner	Dec 25, 2025	High(8.8)	0.95	1	No
Gladinet CentreStack & Triofox - Hardcoded Credentials CVE-2025-14611	Network Scanner	Dec 19, 2025	Critical(9.8)	0.35	0.97	No
Zoho ManageEngine ServiceDesk Plus - Authentication Bypass CVE-2021-37415	Network Scanner	Dec 11, 2025	Critical(9.8)	0.93	1	No
React Server Components - Remote Code Execution (React2Shell) CVE-2025-55182	Network Scanner	Dec 9, 2025	Critical(10)	0.47	0.98	Yes
React Server Components - Remote Code Execution CVE-2025-55182	Network Scanner	Dec 5, 2025	Critical(10)	0.47	0.98	No
Fortinet FortiWeb - Authentication Bypass & Remote Code Execution CVE-2025-64446 CVE-2025-58034	Network Scanner	Dec 2, 2025	Critical(9.8)	0.88	1	Yes
GeoServer - XML External Entity Injection CVE-2025-58360	Network Scanner	Nov 27, 2025	High(8.2)	0.83	1	No
Zimbra - Cross-Site Scripting via ICS Files CVE-2025-27915	Network Scanner	Nov 25, 2025	Medium(5.4)	0.3	0.97	No
Oracle Identity Manager REST WebServices - Authentication Bypass CVE-2025-61757	Network Scanner	Nov 21, 2025	Critical(9.8)	0.81	1	No
Microsoft SharePoint Server - Authentication Bypass CVE-2025-49706	Network Scanner	Nov 21, 2025	Medium(6.5)	0.73	0.99	No
FortiWeb - Authentication Bypass CVE-2025-64446	Network Scanner	Nov 15, 2025	Critical(9.8)	0.88	1	No
Triofox - Improper Access Control CVE-2025-12480	Network Scanner	Nov 12, 2025	Critical(9.8)	0.79	0.99	No
Oracle WebLogic Server - Remote Code Execution (Insecure Deserialization) CVE-2020-14644	Network Scanner	Nov 6, 2025	Critical(9.8)	0.94	1	No
Oracle E-Business Suite - Remote Code Execution CVE-2025-61882	Network Scanner	Nov 4, 2025	Critical(9.8)	0.8	1	Yes
FortiManager Unauthenticated Remote Code Execution CVE-2024-47575	Network Scanner	Nov 1, 2025	Critical(9.8)	0.94	1	No
Zimbra Collaboration - Cross-Site Scripting (XSS) CVE-2024-27443	Network Scanner	Oct 31, 2025	Medium(6.1)	0.27	0.97	No
Oracle E-Business Suite - Server-Side Request Forgery CVE-2025-61884	Network Scanner	Oct 31, 2025	High(7.5)	0.45	0.98	No
Zimbra Collaboration Suite - Cross-site Scripting CVE-2018-6882	Network Scanner	Oct 31, 2025	Medium(6.8)	0.62	0.99	No
Windows Server Update Service - Insecure Deserialization CVE-2025-59287	Network Scanner	Oct 30, 2025	Critical(9.8)	0.76	0.99	No
VMware vCenter Server - Out-of-Bounds Write CVE-2023-34048	Network Scanner	Oct 30, 2025	Critical(9.8)	0.94	1	No
Adobe Experience Manager Forms - Insecure Deserialization CVE-2025-54253	Network Scanner	Oct 28, 2025	Critical(10)	0.49	0.98	No
Mitel MiCollab - Information Disclosure & Denial of Service CVE-2022-26143	Network Scanner	Oct 28, 2025	Critical(9.8)	0.9	1	No
Adobe Commerce - Authentication Bypass CVE-2025-54236	Network Scanner	Oct 27, 2025	Critical(9.1)	0.6	0.99	No
Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006) CVE-2025-2747	Network Scanner	Oct 25, 2025	Critical(9.8)	0.89	1	No
Kaseya VSA 2017 ConnectWise ManagedITSync - Remote Code Execution CVE-2017-18362	Network Scanner	Oct 25, 2025	Critical(9.8)	0.82	1	No

Vulnerability & Exploit Database

One of EMEA's fastest-growing tech companies.

50,000+ security folks are here. Are you?

More than demos - real faces, real insight.

Security leaders trust what they can prove