Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 16.824 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 182 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Displaying 1 - 25 results out of 16.824

Pentest-Tools.com Vulnerabilities
Name	Detectable with	Detection added	CVSSv3	EPSS Score	EPSS Percentile	Exploitable with Sniper
Grocy - Default Admin Credentials	Network Scanner	Apr 2, 2026	High	N/A	N/A	No
SiYuan <= v3.5.9 - SVG Animate Element XSS CVE-2026-31807	Network Scanner	Apr 2, 2026	Medium(6.1)	0.01	0.09	No
PhotoPrism - Unauthenticated Exposure	Network Scanner	Apr 2, 2026	High	N/A	N/A	No
Heimdall - Host Header Injection & Open Redirect CVE-2025-50578	Network Scanner	Apr 2, 2026	Medium(9.8)	0.06	0.91	No
Revive Adserver - Exposed Installer	Network Scanner	Apr 1, 2026	High	N/A	N/A	No
WordPress Contact Form by Supsystic - Server-Side Template Injection CVE-2026-4257	Network Scanner	Apr 1, 2026	Critical(9.8)	0.13	0.94	No
NocoBase - VM Sandbox Escape to Remote Code Execution CVE-2026-34156	Network Scanner	Apr 1, 2026	Critical(10)	0.06	0.9	No
NetBox - Default Admin Credentials	Network Scanner	Apr 1, 2026	High	N/A	N/A	No
Heimdall Application Dashboard < 2.7.3 - Reflected XSS CVE-2025-54597	Network Scanner	Apr 1, 2026	Medium(6.1)	0.02	0.8	No
SiYuan Note - Cross-Site Scripting CVE-2026-34605	Network Scanner	Apr 1, 2026	Medium(6.1)	0.02	0.78	No
Magento PolyShell – Unauthenticated File Upload to RCE	Network Scanner	Apr 1, 2026	Critical	N/A	N/A	No
Heimdall Application Dashboard - Unauthenticated Access	Network Scanner	Apr 1, 2026	Medium	N/A	N/A	No
Graylog - Default Admin Credentials	Network Scanner	Apr 1, 2026	High	N/A	N/A	No
SiYuan Note - Cross-Site Scripting CVE-2026-29183	Network Scanner	Apr 1, 2026	Medium(6.1)	0.01	0.37	No
Apache ActiveMQ < 5.16.5/5.17.3 - Remote Code Execution CVE-2022-41678	Network Scanner	Apr 1, 2026	High(8.8)	0.94	1	No
Vite dev server - Cross-Site Scripting CVE-2023-49293	Network Scanner	Apr 1, 2026	Medium(6.1)	0.09	0.93	No
Gradio - Absolute Path Traversal CVE-2026-28414	Network Scanner	Apr 1, 2026	High(7.5)	0.02	0.8	No
Gravity SMTP WordPress Plugin - Sensitive Information Exposure CVE-2026-4020	Network Scanner	Apr 1, 2026	High(7.5)	0.05	0.9	No
Service Finder Bookings - Authentication Bypass CVE-2025-5947	Network Scanner	Mar 31, 2026	Critical(9.8)	0.55	0.99	No
Synway SMG Gateway 9-2radius.php - Remote Command Execution	Network Scanner	Mar 31, 2026	Critical	N/A	N/A	No
ManageEngine PAM360 - Default Credentials	Network Scanner	Mar 31, 2026	High(8.3)	N/A	N/A	No
DedeCMS - Open Redirect via download.php CVE-2024-57241	Network Scanner	Mar 31, 2026	Medium(6.1)	0.11	0.94	No
Google Gemini API Key - Exposure	Network Scanner	Mar 30, 2026	High	N/A	N/A	No
pfSense - Default Admin Credentials	Network Scanner	Mar 30, 2026	High	N/A	N/A	No
Spring Cloud Config Server - Path Traversal CVE-2026-22739	Network Scanner	Mar 30, 2026	High(8.6)	0.12	0.94	No

Vulnerability & Exploit Database

One of EMEA's fastest-growing tech companies

Independently audited company-wide ISMS

50,000+ security folks are here. Are you?

Security leaders trust what they can prove