Resources
Vulnerability & Exploit Database
This is the list of vulnerabilities that can be detected with Pentest-Tools.com and the exploits that are currently available in the platform.
We detect more than 15,000 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 78 exploit modules in Sniper to validate the risk level of critical CVEs.
Display
Name | CVE | Detectable with | Published | Updated | Severity | CVSSv3 score | Exploitable with Sniper | Additional details |
|---|---|---|---|---|---|---|---|---|
| Node.js - Remote Code Execution | Network Scanner | Nov 2022 | Nov 2022 | Critical | 9.8 | Yes | ||
| WordPress - Server Side Request Forgery | Network Scanner | Nov 2022 | Nov 2022 | Critical | 9.8 | Yes | ||
| ManageEngine ADAudit Plus - XML External Entity Injection | Network Scanner | Oct 2022 | Oct 2022 | Critical | 9.8 | No | ||
 FortiOS, FortiProxy and FortiSwitchManager - Authentification Bypass | Network Scanner | Oct 2022 | Oct 2022 | Critical | 9.6 | Yes | ||
| Microsoft Exchange - Remote Code Execution | Network Scanner | Oct 2022 | Oct 2022 | High | 8.8 | No | ||
| Bitbucket Server & Data Center - Remote Code Execution | Network Scanner | Oct 2022 | Oct 2022 | High | 8.8 | Yes | ||
| Grafana - Authentication Bypass | Network Scanner | Oct 2022 | Oct 2022 | High | 7.3 | No | ||
| Sophos XG Firewall - Authentication Bypass | Network Scanner | Sep 2022 | Sep 2022 | Critical | 9.8 | No | ||
| ManageEngine Password Manager Pro & PAM360 - Remote Code Execution | Network Scanner | Sep 2022 | Sep 2022 | Critical | 9.8 | Yes | ||
| Jenkins - Remote Code Execution | Network Scanner | Sep 2022 | Sep 2022 | Critical | 9.9 | Yes | ||
| Gitlab CE/EE - Remote Code Execution | Network Scanner | Sep 2022 | Sep 2022 | Critical | 9.9 | No | ||
| ManageEngine ADSelfService Plus - Stored Cross-Site Scripting | Network Scanner | Aug 2022 | Aug 2022 | Medium | 6.1 | No | ||
| Apache - Memory Corruption | Network Scanner | Aug 2022 | Aug 2022 | High | 7.5 | No | ||
| Jira - Arbitrary File Read | Network Scanner | Aug 2022 | Aug 2022 | Medium | 5.3 | Yes | ||
| Zimbra ZCS - Remote Code Execution | Network Scanner | Aug 2022 | Aug 2022 | Critical | 9.8 | Yes | ||
| Jira - Arbitrary File Read | Network Scanner | Aug 2022 | Aug 2022 | Medium | 5.3 | Yes | ||
| VMware Workspace One - Arbitrary File Read | Network Scanner | Aug 2022 | Aug 2022 | Critical | 9.8 | Yes | ||
| BlueKeep - Remote Code Execution | Network Scanner | Aug 2022 | Aug 2022 | Critical | 9.8 | No | ||
| Django - SQL Injection | Network Scanner | Aug 2022 | Aug 2022 | Critical | 9.8 | No | ||
| Jira - Arbitrary File Read | Network Scanner | Aug 2022 | Aug 2022 | High | 7.5 | Yes | ||
| Jira - Information Disclosure | Network Scanner | Aug 2022 | Aug 2022 | Medium | 5.3 | Yes | ||
| Emlog - Path Disclosure | Network Scanner | Aug 2022 | Aug 2022 | High | 7.5 | No | ||
| Atlassian Confluence - Arbitrary File Read | Network Scanner | Aug 2022 | Aug 2022 | Medium | 5.3 | Yes | ||
| Cisco ASA and Cisco FTD - Cross-Site Scripting | Network Scanner | Aug 2022 | Aug 2022 | Medium | 6.1 | No | ||
| Atlassian Confluence - Authentication Bypass | Network Scanner | Aug 2022 | Aug 2022 | Critical | 9.8 | No | ||
| Drupal - Remote Code Execution | Network Scanner | May 2022 | Aug 2022 | Critical | 9.8 | Yes | ||
| Apache Tomcat Server - Open Redirect | Network Scanner | Aug 2022 | Aug 2022 | Medium | 4.3 | No | ||
| Microsoft SharePoint - Remote Code Execution | Network Scanner | Jul 2022 | Jul 2022 | Critical | 9.8 | Yes | ||
| Spring - Remote Code Execution | Network Scanner | Jul 2022 | Jul 2022 | Critical | 9.8 | No | ||
| Atlassian Crowd - Remote Code Execution | Network Scanner | Jul 2022 | Jul 2022 | Critical | 9.8 | Yes | ||
| Kibana - Remote Code Execution | Network Scanner | Jul 2022 | Jul 2022 | Critical | 10 | Yes | ||
| Atlassian Confluence - Remote Code Execution | Network Scanner | Sep 2021 | Jul 2022 | Critical | 9.8 | Yes | ||
| Pulse Secure - Local File Inclusion | Network Scanner | Sep 2021 | Jul 2022 | Critical | 10 | Yes | ||
| Drupal Core - Remote Code Execution | Network Scanner | Jul 2022 | Jul 2022 | High | 8.1 | Yes | ||
| F5 BIG-IP - Remote Code Execution | Network Scanner | May 2022 | Jun 2022 | Critical | 9.8 | Yes | ||
| Atlassian Confluence - Remote Code Execution | Network Scanner | Jun 2022 | Jun 2022 | Critical | 9.8 | Yes | ||
| ZyXEL Firewall - Unauthenticated Remote Command Injection | Network Scanner | Jun 2022 | Jun 2022 | Critical | 9.8 | Yes | ||
| Gitlab CE/EE - Remote Code Execution | Network Scanner | Nov 2021 | Jun 2022 | Critical | 10 | Yes | ||
| Zabbix - Authentication Bypass and Remote Code Execution | Network Scanner | Mar 2022 | Jun 2022 | Critical | 9.8 | Yes | ||
| DotCMS - Remote Code Execution | Network Scanner | Jun 2022 | Jun 2022 | Critical | 9.8 | Yes | ||
| F5 BIG-IP - Remote Code Execution | Network Scanner | Aug 2021 | May 2022 | Critical | 9.8 | Yes | ||
| F5 BIG-IP - Remote Code Execution | Network Scanner | Dec 2021 | May 2022 | Critical | 9.8 | Yes | ||
| Spring Core - Remote Code Execution | Network Scanner | Apr 2022 | May 2022 | Critical | 9.8 | Yes | ||
| Grafana - Arbitrary File Read | Network Scanner | Jan 2022 | May 2022 | High | 7.5 | Yes | ||
| Oracle WebLogic - Local File Inclusion | Network Scanner | May 2022 | May 2022 | High | 7.5 | No | ||
| Jira - Authentication Bypass | Network Scanner | May 2022 | May 2022 | Critical | 9.8 | No | ||
| Apache Struts - Remote Code Execution | Network Scanner | Sep 2021 | May 2022 | Critical | 9.8 | Yes | ||
| VMware Workspace One - Remote Code Execution | Network Scanner | May 2022 | May 2022 | Critical | 9.8 | Yes | ||
| ManageEngine - Remote Code Execution | Network Scanner | May 2022 | May 2022 | Critical | 9.8 | Yes | ||
| Redis - Remote Code Execution | Network Scanner | May 2022 | May 2022 | Critical | 10 | Yes | ||
| Magento - Remote Code Execution | Network Scanner | Mar 2022 | May 2022 | Critical | 9.8 | Yes | ||
| WSO2 - Unrestricted File Upload and Remote Code Execution | Network Scanner | May 2022 | May 2022 | Critical | 9.8 | Yes | ||
| Apache Struts - Remote Code Execution | Network Scanner | May 2022 | May 2022 | Critical | 9.8 | Yes | ||
| Adobe Coldfusion - Remote Code Execution | Network Scanner | May 2022 | May 2022 | Critical | 9.8 | Yes | ||
| Jira - Remote Code Execution | Network Scanner | May 2022 | May 2022 | Critical | 9.8 | No | ||
| Microsoft Exchange - Remote Code Execution | Network Scanner | May 2021 | Apr 2022 | Critical | 9.8 | Yes | ||
| Microsoft Exchange - ProxyLogon Backdoor Webshells | Network Scanner | Mar 2021 | Apr 2022 | Critical | 9.8 | No | ||
| Spring Cloud Function - Remote Code Execution | Network Scanner | Apr 2022 | Apr 2022 | Critical | 9.8 | Yes | ||
| Spring Cloud Gateway - Remote Code Execution | Network Scanner | Mar 2022 | Mar 2022 | Critical | 10 | Yes | ||
| VMware vCenter - Remote Code Execution | Network Scanner | Sep 2021 | Mar 2022 | Critical | 9.8 | Yes | ||
| ManageEngine Desktop Central - Authentication Bypass and Remote Code Execution | Network Scanner | Mar 2022 | Mar 2022 | Critical | 9.8 | Yes | ||
| Microsoft EternalBlue - Remote Code Execution | Network Scanner | Mar 2022 | Mar 2022 | High | 8.1 | Yes | ||
| Apache Tomcat - Remote Code Execution | Network Scanner | Dec 2021 | Mar 2022 | Critical | 10 | Yes | ||
| Log4j - Remote Code Execution | Network Scanner | Dec 2021 | Mar 2022 | Critical | 10 | Yes | ||
| Log4j - Remote Code Execution | Network Scanner | Mar 2022 | Mar 2022 | Critical | 9 | No | ||
| Apache Struts - Remote Code Execution | Network Scanner | Mar 2022 | Mar 2022 | Critical | 9.8 | Yes | ||
| Apache Solr - Remote Code Execution | Network Scanner | Dec 2021 | Mar 2022 | Critical | 10 | No | ||
| MobileIron - Remote Code Execution | Network Scanner | Dec 2021 | Mar 2022 | Critical | 10 | No | ||
| Apache Flink - Remote Code Execution | Network Scanner | Dec 2021 | Mar 2022 | Critical | 10 | No | ||
| Apache Struts - Remote Code Execution | Network Scanner | Dec 2021 | Mar 2022 | Critical | 10 | Yes | ||
| VMware vCenter - Remote Code Execution | Network Scanner | Dec 2021 | Feb 2022 | Critical | 10 | No | ||
| Apache Druid - Remote Code Execution | Network Scanner | Dec 2021 | Feb 2022 | Critical | 10 | No | ||
| ManageEngine ADSelfService Plus - Remote Code Execution | Network Scanner | Oct 2021 | Feb 2022 | Critical | 9.8 | Yes | ||
| Oracle Weblogic - Remote Code Execution | Network Scanner | Feb 2022 | Feb 2022 | Critical | 9.8 | Yes | ||
| Apache Struts 2 - Remote Code Execution | Network Scanner | Feb 2022 | Feb 2022 | High | 8.1 | Yes | ||
| Oracle Weblogic - Path Traversal | Network Scanner | Feb 2022 | Feb 2022 | Critical | 9.8 | No | ||
| Oracle Weblogic - Remote Command Execution | Network Scanner | Feb 2022 | Feb 2022 | High | 7.2 | Yes | ||
| Log4j 1.x - Remote Code Execution | Network Scanner | Jan 2022 | Jan 2022 | Critical | 9.8 | Yes | ||
| Elasticsearch - Remote Code Execution | Network Scanner | Dec 2021 | Jan 2022 | Critical | 10 | No | ||
| Netgear - Admin Credentials Disclosure & Remote Code Execution | Network Scanner | Jan 2022 | Jan 2022 | High | 8.8 | Yes | ||
| Apache MOD Proxy - Server Side Request Forgery | Network Scanner | Jan 2022 | Jan 2022 | Critical | 9 | No | ||
| Apache OFBiz - Remote Code Execution | Network Scanner | Feb 2021 | Dec 2021 | Critical | 9.8 | Yes | ||
| Node.js Systeminformation - Command Injection | Network Scanner | May 2021 | Dec 2021 | High | 7.8 | Yes | ||
| Sophos SG UTM - Remote Code Execution | Network Scanner | Sep 2021 | Dec 2021 | Critical | 9.8 | Yes | ||
| Apache Struts - Remote Code Execution | Network Scanner | Dec 2021 | Dec 2021 | Critical | 9.8 | Yes | ||
| Microsoft Exchange - Reflected Cross-Site Scripting | Network Scanner | Dec 2021 | Dec 2021 | Medium | 6.5 | No | ||
| Apache Struts 2 - Remote Code Execution | Network Scanner | Dec 2021 | Dec 2021 | Critical | 9.8 | Yes | ||
| Apache Tomcat - Remote Code Execution | Network Scanner | Dec 2021 | Dec 2021 | High | 8.1 | Yes | ||
| Exim - Remote Code Execution | Network Scanner | Dec 2021 | Dec 2021 | Critical | 9.8 | Yes | ||
| Laravel - Remote Code Execution | Network Scanner | Dec 2021 | Dec 2021 | Critical | 9.8 | Yes | ||
| Apache Tomcat Server - Local File Inclusion | Network Scanner | Nov 2021 | Nov 2021 | Critical | 9.8 | Yes | ||
| Citrix ADC - Directory Traversal/Remote Code Execution | Network Scanner | Nov 2021 | Nov 2021 | Critical | 9.8 | Yes | ||
| Micro Focus OBM - Authentication Bypass | Network Scanner | Nov 2021 | Nov 2021 | High | 8.8 | No | ||
| Visual Tools DVR - Remote Code Execution | Network Scanner | Nov 2021 | Nov 2021 | Critical | 9.8 | Yes | ||
| Apache Server - Remote Code Execution | Network Scanner | Nov 2021 | Nov 2021 | Critical | 9.8 | Yes | ||
| Node-Red - Local File Inclusion | Network Scanner | Oct 2021 | Oct 2021 | High | 7.5 | Yes | ||
| Microsoft Exchange - Reflected Cross-Site Scripting | Network Scanner | Sep 2021 | Oct 2021 | High | 8.8 | No | ||
| Cisco ASA VPN/FTD - Arbitrary File Read | Network Scanner | Oct 2021 | Oct 2021 | High | 7.5 | Yes | ||
| Apache Server - Arbitrary File Read | Network Scanner | Oct 2021 | Oct 2021 | High | 7.5 | Yes | ||
| Apache Server - Remote Code Execution | Network Scanner | Oct 2021 | Oct 2021 | High | 7.5 | Yes | ||
| Apache Server - Arbitrary File Read | Network Scanner | Oct 2021 | Oct 2021 | Critical | 9.8 | Yes | ||
| Apache Server - Remote Code Execution | Network Scanner | Oct 2021 | Oct 2021 | Critical | 9.8 | Yes | ||
| FortiOS SSL VPN - Arbitrary File Read | Network Scanner | Aug 2021 | Sep 2021 | Critical | 9.8 | Yes | ||
| Azure OMI - Remote Code Execution | Network Scanner | Sep 2021 | Sep 2021 | Critical | 9.8 | Yes | ||
| Cisco ASA VPN and Cisco FTD - Unauthenticated Arbitrary File Deletion | Network Scanner | Sep 2021 | Sep 2021 | Critical | 9.1 | No | ||
| VMware vCenter - Remote Code Execution | Network Scanner | Sep 2021 | Sep 2021 | Critical | 9.8 | No | ||
| Microsoft Exchange - Remote Code Execution | Network Scanner | Sep 2021 | Sep 2021 | Critical | 9.8 | Yes | ||
| VMware vCenter - Remote Code Execution | Network Scanner | Apr 2021 | Sep 2021 | Critical | 9.8 | Yes | ||
| Modern Events Calendar Lite Wordpress Plugin - Unauthenticated Events Export | Network Scanner | Sep 2021 | Sep 2021 | High | 7.5 | No | ||
| vRealize Operations Manager API - Server Side Request Forgery | Network Scanner | Sep 2021 | Sep 2021 | High | 7.5 | No | ||
| Citrix ADC - Reflected Code Injection | Network Scanner | Sep 2021 | Sep 2021 | Medium | 6.5 | Yes | ||
| Citrix ADC - Arbitrary File Read | Network Scanner | Sep 2021 | Sep 2021 | Medium | 6.5 | Yes | ||
| Microsoft Exchange - Remote Code Execution | Network Scanner | May 2021 | May 2021 | Critical | 9.8 | No |