Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 16.933 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 190 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Displaying 1 - 25 results out of 16.933

Pentest-Tools.com Vulnerabilities
Name	Detectable with	Detection added	Severity	Exploitable with Sniper
MajorDoMo - Unauthenticated RCE CVE-2026-27174	Network Scanner	Apr 21, 2026	Critical(10)	No
Krayin CMS - Installer	Network Scanner	Apr 21, 2026	High	No
Tandoor Recipes < 1.5.24 - Jinja2 SSTI RCE CVE-2025-23211	Network Scanner	Apr 21, 2026	Critical(9.9)	No
DataEase - Remote Code Execution CVE-2025-49002	Network Scanner	Apr 21, 2026	High(9.8)	No
Avaya Phone Web Interface - Default Login	Network Scanner	Apr 21, 2026	High	No
Exposed Prisma Database Schema - Exposure	Network Scanner	Apr 21, 2026	Medium	No
Odoo <= 15.0 - Cross-Site Scripting CVE-2021-26947	Network Scanner	Apr 21, 2026	Medium(6.1)	No
Download Monitor < 1.9.7 - Unauthenticated Download Log Export	Network Scanner	Apr 21, 2026	High	No
Easy Appointments <= 3.12.21 - Unauthenticated Sensitive Information Exposure CVE-2026-2262	Network Scanner	Apr 21, 2026	High(7.5)	No
WP Directory Kit <= 1.4.4 - Authentication Bypass CVE-2025-13390	Network Scanner	Apr 20, 2026	Critical(10)	No
Apache SkyWalking - Dashboard	Network Scanner	Apr 20, 2026	High	No
ionCube Tester Plus <= 1.3 - Local File Inclusion CVE-2025-69411	Network Scanner	Apr 19, 2026	High(7.5)	No
Chatwoot - Installation	Network Scanner	Apr 19, 2026	High	No
Vendure Core - SQL Injection CVE-2026-40887	Network Scanner	Apr 17, 2026	Critical(9.1)	No
Retool Self-Hosted - postMessage XSS via Custom Component Collections	Network Scanner	Apr 17, 2026	High	No
Vite Dev Server - Arbitrary File Read CVE-2026-39363	Network Scanner	Apr 17, 2026	High(8.2)	No
SmarterMail - Remote Code Execution CVE-2026-24423	Network Scanner	Apr 17, 2026	Critical(9.8)	No
ChromaDB - Unauthenticated API Exposure	Network Scanner	Apr 17, 2026	Medium	No
AnythingLLM - Username Enumeration via Password Recovery CVE-2026-21484	Network Scanner	Apr 17, 2026	Medium(5.3)	No
WordPress Madara Theme < 2.2.2.1 - Local File Inclusion CVE-2025-4524	Network Scanner	Apr 17, 2026	Critical(9.1)	No
Chainlit - Unauthenticated Access	Network Scanner	Apr 17, 2026	Low	No
esm.sh <= v136 - Arbitrary File Write via Path Traversal CVE-2025-59342	Network Scanner	Apr 17, 2026	Medium(5.3)	No
Nginx UI - Broken Access Control CVE-2026-33032	Network Scanner	Apr 17, 2026	Critical(9.8)	No
OpenAM <= 16.0.5 - Pre-Auth RCE via jato.clientSession Deserialization CVE-2026-33439	Network Scanner	Apr 17, 2026	Critical(9.8)	No
Arcane <= 1.17.2 - Server-Side Request Forgery CVE-2026-40242	Network Scanner	Apr 17, 2026	High(7.2)	No