Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities that can be detected with Pentest-Tools.com and the exploits that are currently available in the platform.

We detect more than 11.165 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 131 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Displaying 1 - 25 results out of 11.165

Pentest-Tools.com Vulnerabilities
Name	CVE	Detectable with	Detection added	Severity	CVSSv3 score	Exploitable with Sniper
mooSocial v.3.1.8 - Cross-Site Scripting	CVE-2023-44812	Network Scanner	May 7, 2024	Medium	6.1	No
Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE	CVE-2023-4521	Network Scanner	May 7, 2024	High	9.8	No
eyoucms v.1.6.5 - Cross-Site Scripting	CVE-2024-22927	Network Scanner	May 7, 2024	Medium	6.1	No
Avada < 7.11.7 - Information Disclosure	CVE-2024-2340	Network Scanner	May 6, 2024	Medium	5.3	No
WordPress Toolbar <= 2.2.6 - Open Redirect	CVE-2023-6389	Network Scanner	May 6, 2024	Medium	6.1	No
CrushFTP VFS - Sandbox Escape LFR	CVE-2024-4040	Network Scanner	May 6, 2024	High	10	No
MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template	CVE-2024-3136	Network Scanner	May 3, 2024	High	9.8	No
Wordpress Email Subscribers by Icegram Express - SQL Injection	CVE-2024-2876	Network Scanner	May 3, 2024	High	---	No
PrestaShop Step by Step products Pack - SQL Injection	CVE-2023-46347	Network Scanner	May 3, 2024	High	9.8	No
WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload	CVE-2015-4455	Network Scanner	May 3, 2024	High	9.8	No
Magento - SQL Injection	CVE-2019-7139	Network Scanner	May 3, 2024	High	9.8	No
JetBrains TeamCity > 2023.11.3 - Authentication Bypass	CVE-2024-23917	Network Scanner	May 3, 2024	High	9.8	No
PrestaShop PireosPay - SQL Injection	CVE-2023-45375	Network Scanner	May 3, 2024	High	8.8	No
PrestaShop AdvancedPopupCreator - SQL Injection	CVE-2023-27032	Network Scanner	May 3, 2024	High	9.8	No
NextGen Healthcare Mirth Connect - Remote Code Execution	CVE-2023-43208	Network Scanner	May 1, 2024	High	9.8	No
Academy LMS 6.0 - Cross-Site Scripting	CVE-2023-38964	Network Scanner	May 1, 2024	Medium	6.1	No
EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure	CVE-2024-0235	Network Scanner	Apr 30, 2024	Medium	5.3	No
SuperWebMailer 9.31.0.01799 - Cross-Site Scripting	CVE-2024-24131	Network Scanner	Apr 30, 2024	Medium	6.1	No
CData API Server < 23.4.8844 - Path Traversal	CVE-2024-31849	Network Scanner	Apr 30, 2024	High	9.8	No
Netmaker - Hardcoded DNS Secret Key	CVE-2023-32077	Network Scanner	Apr 30, 2024	High	7.5	No
WordPress Automatic Plugin <= 3.92.0 - SQL Injection	CVE-2024-27956	Network Scanner	Apr 30, 2024	High	9.9	No
Gradio - Server Side Request Forgery	CVE-2024-1183	Network Scanner	Apr 26, 2024	Medium	6.5	No
Sidekiq < 7.0.8 - Cross-Site Scripting	CVE-2023-1892	Network Scanner	Apr 26, 2024	High	8.3	No
RaidenMAILD Mail Server v.4.9.4 - Path Traversal	CVE-2024-32399	Network Scanner	Apr 26, 2024	High	---	No
Modoboa < 2.1.0 - Improper Authorization	CVE-2023-2227	Network Scanner	Apr 26, 2024	High	9.1	No