Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities that can be detected with Pentest-Tools.com and the exploits that are currently available in the platform.

We detect more than 11.457 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 147 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Displaying 1 - 25 results out of 11.457

Pentest-Tools.com Vulnerabilities
Name	CVE	Detectable with	Detection added	Severity	CVSSv3 score	Exploitable with Sniper
Qualitor <= 8.24 - Remote Code Execution	CVE-2024-44849	Network Scanner	Sep 11, 2024	Critical	9.8	No
OpenAM<=15.0.3 FreeMarker - Template Injection	CVE-2024-41667	Network Scanner	Sep 11, 2024	High	8.8	No
SPIP BigUp Plugin - Remote Code Execution	CVE-2024-8517	Network Scanner	Sep 11, 2024	Critical	9.8	No
Opti Marketing <= 2.0.9 - SQL Injection	CVE-2024-6928	Network Scanner	Sep 11, 2024	Critical	10	No
Apache Tomcat 4.x-7.x - Cross-Site Scripting	CVE-2007-2449	Network Scanner	Sep 10, 2024	High	7.2	No
Jakarta Tomcat 3.1 and 3.0 - Exposure	CVE-2000-0760	Network Scanner	Sep 10, 2024	---	---	No
Progress Telerik Report Server - Remote Code Execution	CVE-2024-4358	Network Scanner	Sep 10, 2024	Critical	9.8	Yes
Hoverfly < 1.10.3 - Arbitrary File Read	CVE-2024-45388	Network Scanner	Sep 9, 2024	High	7.5	No
TrueBooker <= 1.0.2 - SQL Injection	CVE-2024-6924	Network Scanner	Sep 9, 2024	Critical	9.8	No
Viral Signup <= 2.1 - SQL Injection	CVE-2024-6926	Network Scanner	Sep 9, 2024	Critical	9.8	No
Push Notification for Post and BuddyPress <= 1.93 - SQL Injection	CVE-2024-6159	Network Scanner	Sep 9, 2024	Critical	10	No
SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge	CVE-2024-6846	Network Scanner	Sep 9, 2024	Medium	5.3	No
Sensei LMS < 4.24.2 - Email Template Leak	CVE-2024-7786	Network Scanner	Sep 9, 2024	High	7.5	No
Apache HTTPd Windows UNC - Server-Side Request Forgery	CVE-2024-38472	Network Scanner	Sep 9, 2024	High	7.5	No
GiveWP Donation Plugin - Remote Code Execution	CVE-2024-5932	Network Scanner	Sep 9, 2024	Critical	10	No
WP AmASIN – The Amazon Affiliate Shop - Local File Inclusion	CVE-2014-4577	Network Scanner	Sep 6, 2024	Medium	5	No
KiviCare WordPress Plugin - Cross-Site Scripting	CVE-2023-2624	Network Scanner	Sep 6, 2024	Medium	6.1	No
GLPI 10.0.10-10.0.14 - SQL Injection	CVE-2024-29889	Network Scanner	Sep 6, 2024	High	7.1	No
XWiki >= 13.10.8 - Cross-Site Scripting	CVE-2023-29506	Network Scanner	Sep 6, 2024	Medium	6.1	No
WhatsUp Gold HasErrors SQL Injection - Authentication Bypass	CVE-2024-6670	Network Scanner	Sep 6, 2024	Critical	9.8	No
Lightdash v0.1024.6 - Server-Side Request Forgery	CVE-2024-6586	Network Scanner	Sep 6, 2024	High	7.3	No
Apache OFBiz - Remote Code Execution	CVE-2024-45195	Network Scanner	Sep 6, 2024	High	7.5	No
Roundcube - Cross Site Scripting	CVE-2023-43770	Network Scanner	Sep 6, 2024	Medium	6.1	No
Hardcoded Admin Credentials For Cisco Smart Licensing Utility API	CVE-2024-20439	Network Scanner	Sep 6, 2024	Critical	9.8	No
SolarWinds Web Help Desk - Hardcoded Credential	CVE-2024-28987	Network Scanner	Sep 6, 2024	Critical	9.1	No