Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 17.117 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 190 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Is exploitable with Sniper

Is in CISA catalog

Detectable with

Displaying 1 - 25 results out of 16.975

Pentest-Tools.com Vulnerabilities
Name	Detectable with	Detection added	Severity	Exploitable with Sniper
Magento 2 Amasty Order Attributes < 4.0.0 - Unauthenticated Arbitrary File Upload CVE-2026-53787	Network Scanner	Jun 23, 2026	Critical(9.8)	No
LobeHub LobeChat <= 2.1.56 - Server-Side Request Forgery CVE-2026-54157	Network Scanner	Jun 22, 2026	Medium	No
UniFi Network Application - Path Traversal CVE-2026-22557	Network Scanner	Jun 22, 2026	Critical(10)	No
Dashy <= 4.3.6 - Reflected XSS via Workspace CVE-2026-55592	Network Scanner	Jun 22, 2026	Medium(6.1)	No
Samba Printing Subsystem - Remote Code Execution CVE-2026-4480	Network Scanner	Jun 22, 2026	Critical(9.8)	No
Dify < 1.13.0 - Unauthenticated SSRF via Remote File Upload	Network Scanner	Jun 20, 2026	High	No
Oracle PeopleSoft PeopleTools PSEMHUB - Pre-Auth Java Deserialization RCE CVE-2026-35273	Network Scanner	Jun 19, 2026	Critical(9.8)	No
FUXA 1.3.0 - Unauthenticated ICS/SCADA Project Data Disclosure CVE-2026-47717	Network Scanner	Jun 19, 2026	High(7.5)	No
OpenCATS - Command Injection CVE-2026-27760	Network Scanner	Jun 18, 2026	High(8.1)	No
mcp-atlassian < 0.17.0 - Server-Side Request Forgery CVE-2026-27826	Network Scanner	Jun 18, 2026	High(8.2)	No
SiYuan Note <= 3.6.5 - Authentication Bypass CVE-2026-54069	Network Scanner	Jun 17, 2026	Critical(9.1)	No
DokuWiki <= 2025-05-14a Librarian - Reflected Cross-Site Scripting CVE-2025-61224	Network Scanner	Jun 17, 2026	Medium(6.1)	No
OpenBullet2 <= 0.3.2 - Authentication Bypass CVE-2026-25555	Network Scanner	Jun 17, 2026	Critical(9.8)	No
Check Point IKEv1 Remote-Access VPN - Certificate Authentication Bypass CVE-2026-50751	Network Scanner	Jun 17, 2026	Critical(10)	No
Campaign Monitor for WordPress - Information Disclosure CVE-2024-6569	Network Scanner	Jun 17, 2026	Medium(5.3)	No
UpdraftPlus WP Backup & Migration Plugin - Authentication Bypass CVE-2026-10795	Network Scanner	Jun 16, 2026	High(8.1)	No
Piwigo < 16.3.0 - Unauthenticated Information Disclosure via History API CVE-2026-27833	Network Scanner	Jun 15, 2026	High(7.5)	No
Splunk Enterprise & Cloud Platform - Unrestricted File Upload CVE-2026-20253	Network Scanner	Jun 15, 2026	Critical(9.8)	No
DbGate - Remote Code Execution via Dynamic Import Bypass CVE-2026-47670	Network Scanner	Jun 15, 2026	Critical(9.4)	No
Lyrion Music Server <= 9.2.0 - Cross-Site Scripting CVE-2026-50230	Network Scanner	Jun 15, 2026	Medium(6.1)	No
Joomla! JCE extension < 2.9.99.5 unauthenticated RCE CVE-2026-48907	Network Scanner	Jun 14, 2026	Critical(10)	No
W3 Total Cache < 2.8.2 - Log File Exposure CVE-2024-12008	Network Scanner	Jun 14, 2026	Medium(5.3)	No
phpMyFAQ <= 4.1.1 - SQL Injection CVE-2026-46364	Network Scanner	Jun 11, 2026	Critical(9.8)	No
PraisonAI - Authentication Bypass CVE-2026-44338	Network Scanner	Jun 11, 2026	High(7.3)	No
WP User Manager – User Profile Builder & Membership - Local File Inclusion CVE-2026-9290	Network Scanner	Jun 11, 2026	High(7.5)	No