Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 16.836 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 182 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Is exploitable with Sniper

Is in CISA catalog

Detectable with

Displaying 1 - 25 results out of 16.694

Pentest-Tools.com Vulnerabilities
Name	Detectable with	Detection added	Severity	Exploitable with Sniper
SiYuan Note - Cross-Site Scripting CVE-2026-29183	Network Scanner	Apr 1, 2026	Medium(6.1)	No
Gradio - Absolute Path Traversal CVE-2026-28414	Network Scanner	Apr 1, 2026	High(7.5)	No
NetBox - Default Admin Credentials	Network Scanner	Apr 1, 2026	High	No
Apache ActiveMQ < 5.16.5/5.17.3 - Remote Code Execution CVE-2022-41678	Network Scanner	Apr 1, 2026	High(8.8)	No
Graylog - Default Admin Credentials	Network Scanner	Apr 1, 2026	High	No
Heimdall Application Dashboard < 2.7.3 - Reflected XSS CVE-2025-54597	Network Scanner	Apr 1, 2026	Medium(6.1)	No
SiYuan Note - Cross-Site Scripting CVE-2026-34605	Network Scanner	Apr 1, 2026	Medium(6.1)	No
Gravity SMTP WordPress Plugin - Sensitive Information Exposure CVE-2026-4020	Network Scanner	Apr 1, 2026	High(7.5)	No
Vite dev server - Cross-Site Scripting CVE-2023-49293	Network Scanner	Apr 1, 2026	Medium(6.1)	No
WordPress Contact Form by Supsystic - Server-Side Template Injection CVE-2026-4257	Network Scanner	Apr 1, 2026	Critical(9.8)	No
NocoBase - VM Sandbox Escape to Remote Code Execution CVE-2026-34156	Network Scanner	Apr 1, 2026	Critical(10)	No
Heimdall Application Dashboard - Unauthenticated Access	Network Scanner	Apr 1, 2026	Medium	No
Magento PolyShell – Unauthenticated File Upload to RCE	Network Scanner	Apr 1, 2026	Critical	No
Revive Adserver - Exposed Installer	Network Scanner	Apr 1, 2026	High	No
Synway SMG Gateway 9-2radius.php - Remote Command Execution	Network Scanner	Mar 31, 2026	Critical	No
Service Finder Bookings - Authentication Bypass CVE-2025-5947	Network Scanner	Mar 31, 2026	Critical(9.8)	No
ManageEngine PAM360 - Default Credentials	Network Scanner	Mar 31, 2026	High(8.3)	No
DedeCMS - Open Redirect via download.php CVE-2024-57241	Network Scanner	Mar 31, 2026	Medium(6.1)	No
Google Gemini API Key - Exposure	Network Scanner	Mar 30, 2026	High	No
Citrix NetScaler SAML IDP - Memory Overread CVE-2026-3055	Network Scanner	Mar 30, 2026	Critical(9.8)	No
WordPress Varnish/Nginx Proxy Caching <= 1.8.3 - Information Exposure CVE-2025-62126	Network Scanner	Mar 30, 2026	Medium(5.3)	No
OpenProject - Default Admin Credentials	Network Scanner	Mar 30, 2026	High	No
pfSense - Default Admin Credentials	Network Scanner	Mar 30, 2026	High	No
Liferay Portal & DXP - Cross-Site Scripting CVE-2025-4576	Network Scanner	Mar 30, 2026	Medium(6.1)	No
Vite Dev Server - Information Exposure CVE-2023-34092	Network Scanner	Mar 30, 2026	High(7.5)	No