Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 16.538 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 179 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Is exploitable with Sniper

Is in CISA catalog

Detectable with

Displaying 1 - 25 results out of 16.396

Pentest-Tools.com Vulnerabilities
Name	Detectable with	Detection added	Severity	Exploitable with Sniper
Advance Post Prefix WordPress plugin - Reflected XSS CVE-2024-12734	Network Scanner	Feb 7, 2026	Medium(6.1)	No
Zarinpal Paid Download - Reflected XSS CVE-2024-13543	Network Scanner	Feb 7, 2026	Medium(6.1)	No
WordPress User Messages <= 1.2.4 - Reflected XSS CVE-2024-13222	Network Scanner	Feb 7, 2026	Medium(6.1)	No
WordPress List Site Contributors < 1.1.8 - Reflected XSS CVE-2026-0594	Network Scanner	Feb 7, 2026	Medium(6.1)	No
WP Directory Kit <= 1.4.3 - Unauthenticated SQL Injection CVE-2025-13138	Network Scanner	Feb 6, 2026	High(7.5)	No
ProfileGrid <= 5.7.8 - SQL Injection CVE-2024-30490	Network Scanner	Feb 5, 2026	Critical(9.3)	No
vCenter Server - Improper Access Control CVE-2021-22017	Network Scanner	Feb 5, 2026	Medium(5.3)	No
Melis Technology Melis Platform - Unrestricted File Upload & Remote Code Execution CVE-2025-10353	Network Scanner	Feb 5, 2026	Critical(9.8)	No
MOVEit Transfer - SQL Injection CVE-2023-35708	Network Scanner	Feb 5, 2026	Critical(9.1)	No
RustDesk Web Client - Default login	Network Scanner	Feb 4, 2026	High	No
VMWare Cloud Foundation NSX-V - XML External Entity (XXE) CVE-2022-31678	Network Scanner	Feb 4, 2026	Critical(9.1)	No
WhatsUp Gold GetStatisticalMonitorList SQL Injection - Authentication Bypass CVE-2024-6671	Network Scanner	Feb 4, 2026	Critical(9.8)	No
OpenCode < 1.0.216 - Unauthenticated Remote Code Execution CVE-2026-22812	Network Scanner	Feb 4, 2026	High(8.8)	No
WP Extended < 3.0.0 - Stored Cross-Site Scripting CVE-2024-37259	Network Scanner	Feb 4, 2026	Medium(6.1)	No
LatePoint <= 5.0.11 - SQL Injection CVE-2024-8911	Network Scanner	Feb 4, 2026	Critical(9.8)	No
Laravel Livewire v3 - Remote Command Execution CVE-2025-54068	Network Scanner	Feb 4, 2026	Critical(9.8)	No
XWiki Platform Distribution Flavor Main - Cross-Site Scripting CVE-2026-24128	Network Scanner	Feb 3, 2026	Medium(6.1)	No
Redis < 8.2.3 - Stack Buffer Overflow CVE-2025-62507	Network Scanner	Feb 3, 2026	Critical(8.8)	No
WordPress H5VP Plugin - Full Path Disclosure	Network Scanner	Feb 3, 2026	Low	No
WhoDB < 0.45.0 - Path Traversal CVE-2025-24786	Network Scanner	Feb 3, 2026	High(7.5)	No
Telnet inetutils - Authentication Bypass CVE-2026-24061	Network Scanner	Feb 3, 2026	Critical(9.8)	Yes
GUDE - Default Login	Network Scanner	Jan 30, 2026	High	No
Contest Gallery - Broken Access Control CVE-2024-43283	Network Scanner	Jan 30, 2026	Medium(5.3)	No
Citrix StoreFront Server - XML External Entity CVE-2019-13608	Network Scanner	Jan 29, 2026	High(7.5)	No
WordPress LazyLoad Plugin - Full Path Disclosure	Network Scanner	Jan 29, 2026	Low	No