Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 17.079 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 190 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Displaying 1 - 25 results out of 17.079

Pentest-Tools.com Vulnerabilities
Name	Detectable with	Detection added	Severity	Exploitable with Sniper
Ivanti Sentry - OS Command Injection CVE-2026-10520	Network Scanner	Jun 10, 2026	Critical(10)	No
dotCMS Core Publish Audit API - Unauthenticated SQL Injection CVE-2026-8054	Network Scanner	Jun 9, 2026	Critical	No
UniFi OS Server - Command Injection CVE-2026-34910	Network Scanner	Jun 9, 2026	Critical(10)	No
WordPress ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection CVE-2026-5073	Network Scanner	Jun 9, 2026	High(7.5)	No
changedetection.io <= 0.52.9 - Unauthenticated Path Traversal CVE-2026-25527	Network Scanner	Jun 9, 2026	Medium(5.3)	No
Dozzle - Server Side Request Forgery CVE-2026-45298	Network Scanner	Jun 9, 2026	High(8.6)	No
Milvus - Unauthenticated Metrics API Access CVE-2026-26190	Network Scanner	Jun 8, 2026	Critical(9.8)	No
PrestaShop lgcookieslaw - SQL Injection CVE-2022-44727	Network Scanner	Jun 8, 2026	Critical(9.8)	No
phpBB - Authentication bypass CVE-2026-000000	Network Scanner	Jun 8, 2026	Critical(9.4)	No
Starlette - Improper Validation of Unsafe Equivalence in Input CVE-2026-48710	Network Scanner	Jun 5, 2026	Medium(6.5)	No
MLflow < 3.10.0 - Authentication Bypass on FastAPI Routes CVE-2026-2652	Network Scanner	Jun 5, 2026	High(8.6)	No
Open WebUI 'LDAP Empty Password' - Authentication Bypass CVE-2026-44551	Network Scanner	Jun 5, 2026	Critical(9.1)	No
Label Studio < 1.18.0 - Reflected XSS CVE-2025-47783	Network Scanner	Jun 4, 2026	Medium(6.1)	No
YesWiki - Cross-Site Scripting	Network Scanner	Jun 3, 2026	High	No
Scramble Laravel - Remote Code Execution CVE-2026-44262	Network Scanner	Jun 3, 2026	Critical(9.4)	No
E-Learning System 1.0 - SQL Injection CVE-2021-3239	Network Scanner	Jun 3, 2026	Critical(9.8)	No
Windmill/Nextcloud Flow < 1.603.3 - Unauthenticated Path Traversal CVE-2026-29059	Network Scanner	Jun 3, 2026	Critical(10)	No
Bitrix Site Management 2.x - Open Redirect CVE-2008-2052	Network Scanner	Jun 3, 2026	Medium(6.1)	No
WordPress Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Remote Code Execution CVE-2025-13773	Network Scanner	Jun 3, 2026	Critical(9.8)	No
DataEase < 2.10.10 - JWT Authentication Bypass CVE-2025-49001	Network Scanner	Jun 3, 2026	Critical(9.8)	No
LiteLLM - Command Injection CVE-2026-42271	Network Scanner	Jun 3, 2026	Critical(9.8)	No
BrightSign Digital Signage 8.2.26 - Server-Side Request Forgery CVE-2020-36884	Network Scanner	Jun 3, 2026	Medium	No
Open WebUI < 0.9.5 - Information Disclosure CVE-2026-45397	Network Scanner	Jun 3, 2026	Medium(5.3)	No
Palo Alto Networks PAN-OS - Authentication Bypass CVE-2026-0257	Network Scanner	Jun 2, 2026	Critical(9.1)	No
JoomSport <= 5.7.7 - SQL Injection CVE-2026-42647	Network Scanner	Jun 1, 2026	Critical(9.3)	No