Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 16.836 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 182 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Displaying 1 - 25 results out of 16.836

Pentest-Tools.com Vulnerabilities
Name	Detectable with	Detection added	Severity	Exploitable with Sniper
Gradio - Absolute Path Traversal CVE-2026-28414	Network Scanner	Apr 1, 2026	High(7.5)	No
Apache ActiveMQ < 5.16.5/5.17.3 - Remote Code Execution CVE-2022-41678	Network Scanner	Apr 1, 2026	High(8.8)	No
Gravity SMTP WordPress Plugin - Sensitive Information Exposure CVE-2026-4020	Network Scanner	Apr 1, 2026	High(7.5)	No
NetBox - Default Admin Credentials	Network Scanner	Apr 1, 2026	High	No
Graylog - Default Admin Credentials	Network Scanner	Apr 1, 2026	High	No
NocoBase - VM Sandbox Escape to Remote Code Execution CVE-2026-34156	Network Scanner	Apr 1, 2026	Critical(10)	No
SiYuan Note - Cross-Site Scripting CVE-2026-29183	Network Scanner	Apr 1, 2026	Medium(6.1)	No
Heimdall Application Dashboard < 2.7.3 - Reflected XSS CVE-2025-54597	Network Scanner	Apr 1, 2026	Medium(6.1)	No
WordPress Contact Form by Supsystic - Server-Side Template Injection CVE-2026-4257	Network Scanner	Apr 1, 2026	Critical(9.8)	No
SiYuan Note - Cross-Site Scripting CVE-2026-34605	Network Scanner	Apr 1, 2026	Medium(6.1)	No
Vite dev server - Cross-Site Scripting CVE-2023-49293	Network Scanner	Apr 1, 2026	Medium(6.1)	No
Heimdall Application Dashboard - Unauthenticated Access	Network Scanner	Apr 1, 2026	Medium	No
Magento PolyShell – Unauthenticated File Upload to RCE	Network Scanner	Apr 1, 2026	Critical	No
Revive Adserver - Exposed Installer	Network Scanner	Apr 1, 2026	High	No
Synway SMG Gateway 9-2radius.php - Remote Command Execution	Network Scanner	Mar 31, 2026	Critical	No
DedeCMS - Open Redirect via download.php CVE-2024-57241	Network Scanner	Mar 31, 2026	Medium(6.1)	No
Service Finder Bookings - Authentication Bypass CVE-2025-5947	Network Scanner	Mar 31, 2026	Critical(9.8)	No
ManageEngine PAM360 - Default Credentials	Network Scanner	Mar 31, 2026	High(8.3)	No
Google Gemini API Key - Exposure	Network Scanner	Mar 30, 2026	High	No
Citrix NetScaler SAML IDP - Memory Overread CVE-2026-3055	Network Scanner	Mar 30, 2026	Critical(9.8)	No
WordPress Varnish/Nginx Proxy Caching <= 1.8.3 - Information Exposure CVE-2025-62126	Network Scanner	Mar 30, 2026	Medium(5.3)	No
OpenProject - Default Admin Credentials	Network Scanner	Mar 30, 2026	High	No
Liferay Portal & DXP - Cross-Site Scripting CVE-2025-4576	Network Scanner	Mar 30, 2026	Medium(6.1)	No
Vite Dev Server - Information Exposure CVE-2023-34092	Network Scanner	Mar 30, 2026	High(7.5)	No
WordPress Hummingbird <= 3.18.0 - Sensitive Information Exposure via Log File CVE-2025-14437	Network Scanner	Mar 30, 2026	High(7.5)	No