Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 16.922 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 190 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Displaying 1 - 25 results out of 16.922

Pentest-Tools.com Vulnerabilities
Name	Detectable with	Detection added	Severity	Exploitable with Sniper
Chatwoot - Installation	Network Scanner	Apr 19, 2026	High	No
ionCube Tester Plus <= 1.3 - Local File Inclusion CVE-2025-69411	Network Scanner	Apr 19, 2026	High(7.5)	No
esm.sh <= v136 - Arbitrary File Write via Path Traversal CVE-2025-59342	Network Scanner	Apr 17, 2026	Medium(5.3)	No
OpenAM <= 16.0.5 - Pre-Auth RCE via jato.clientSession Deserialization CVE-2026-33439	Network Scanner	Apr 17, 2026	Critical(9.8)	No
Chainlit - Unauthenticated Access	Network Scanner	Apr 17, 2026	Low	No
Retool Self-Hosted - postMessage XSS via Custom Component Collections	Network Scanner	Apr 17, 2026	High	No
Nginx UI - Broken Access Control CVE-2026-33032	Network Scanner	Apr 17, 2026	Critical(9.8)	No
SmarterMail - Remote Code Execution CVE-2026-24423	Network Scanner	Apr 17, 2026	Critical(9.8)	No
AnythingLLM - Username Enumeration via Password Recovery CVE-2026-21484	Network Scanner	Apr 17, 2026	Medium(5.3)	No
WordPress Madara Theme < 2.2.2.1 - Local File Inclusion CVE-2025-4524	Network Scanner	Apr 17, 2026	Critical(9.1)	No
ChromaDB - Unauthenticated API Exposure	Network Scanner	Apr 17, 2026	Medium	No
Vite Dev Server - Arbitrary File Read CVE-2026-39363	Network Scanner	Apr 17, 2026	High(8.2)	No
Arcane <= 1.17.2 - Server-Side Request Forgery CVE-2026-40242	Network Scanner	Apr 17, 2026	High(7.2)	No
Vendure Core - SQL Injection CVE-2026-40887	Network Scanner	Apr 17, 2026	Critical(9.1)	No
Reflected Odoo - Open Redirect	Network Scanner	Apr 16, 2026	Low	No
Cockpit Web Console < 360 - Remote Code Execution CVE-2026-4631	Network Scanner	Apr 16, 2026	Critical(9.8)	No
DbGate Anonymous Access	Network Scanner	Apr 16, 2026	High	No
Flowise - NVIDIA NIM Endpoints Missing Authentication CVE-2026-30824	Network Scanner	Apr 15, 2026	High(8.6)	No
WCAPF WooCommerce Ajax Product Filter - SQL Injection CVE-2026-3396	Network Scanner	Apr 15, 2026	High(7.5)	No
User Registration & Membership WordPress plugin - Open Redirect CVE-2026-6203	Network Scanner	Apr 15, 2026	Medium(6.1)	No
Team WordPress Plugin (TLP Team) <= 5.0.9 - SQL Injection CVE-2025-14124	Network Scanner	Apr 15, 2026	High(8.6)	No
LoLLMs WEBUI - Server-Side Request Forgery CVE-2026-33340	Network Scanner	Apr 15, 2026	Critical(9.1)	No
AstrBot <= 4.22.1 - Command Injection CVE-2026-6118	Network Scanner	Apr 15, 2026	High(8.8)	No
Cisco Secure Firewall Management Center - Authentication Bypass CVE-2026-20079	Network Scanner	Apr 14, 2026	Critical(10)	No
HT Mega < 3.0.7 - Sensitive Information Disclosure CVE-2026-4106	Network Scanner	Apr 14, 2026	High(7.5)	No