Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 16.828 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 182 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Is exploitable with Sniper

Is in CISA catalog

Detectable with

Displaying 1 - 25 results out of 16.686

Pentest-Tools.com Vulnerabilities
Name	Detectable with	Detection added	Severity	Exploitable with Sniper
Piwik/Matomo - Unauthenticated Access	Network Scanner	Apr 4, 2026	High	No
Mirth Connect - Default Admin Credentials	Network Scanner	Apr 4, 2026	Critical	No
SiYuan <= v3.6.1 - Bookmark Data Disclosure CVE-2026-34453	Network Scanner	Apr 3, 2026	High(7.5)	No
Symfony HttpFoundation - Access Control Bypass via PATH_INFO CVE-2025-64500	Network Scanner	Apr 3, 2026	High(7.3)	No
NocoDB - User Enumeration CVE-2026-28358	Network Scanner	Apr 3, 2026	Medium(5.3)	No
Pi-hole Reflected XSS in 404-Error Page CVE-2025-53533	Network Scanner	Apr 3, 2026	Medium(6.1)	No
SiYuan <= v3.5.9 - SVG Animate Element XSS CVE-2026-31807	Network Scanner	Apr 2, 2026	Medium(6.1)	No
Grocy - Default Admin Credentials	Network Scanner	Apr 2, 2026	High	No
PhotoPrism - Unauthenticated Exposure	Network Scanner	Apr 2, 2026	High	No
Heimdall - Host Header Injection & Open Redirect CVE-2025-50578	Network Scanner	Apr 2, 2026	Medium(9.8)	No
Heimdall Application Dashboard - Unauthenticated Access	Network Scanner	Apr 1, 2026	Medium	No
SiYuan Note - Cross-Site Scripting CVE-2026-29183	Network Scanner	Apr 1, 2026	Medium(6.1)	No
Revive Adserver - Exposed Installer	Network Scanner	Apr 1, 2026	High	No
Apache ActiveMQ < 5.16.5/5.17.3 - Remote Code Execution CVE-2022-41678	Network Scanner	Apr 1, 2026	High(8.8)	No
Gradio - Absolute Path Traversal CVE-2026-28414	Network Scanner	Apr 1, 2026	High(7.5)	No
NetBox - Default Admin Credentials	Network Scanner	Apr 1, 2026	High	No
WordPress Contact Form by Supsystic - Server-Side Template Injection CVE-2026-4257	Network Scanner	Apr 1, 2026	Critical(9.8)	No
Gravity SMTP WordPress Plugin - Sensitive Information Exposure CVE-2026-4020	Network Scanner	Apr 1, 2026	High(7.5)	No
Magento PolyShell – Unauthenticated File Upload to RCE	Network Scanner	Apr 1, 2026	Critical	No
Heimdall Application Dashboard < 2.7.3 - Reflected XSS CVE-2025-54597	Network Scanner	Apr 1, 2026	Medium(6.1)	No
Graylog - Default Admin Credentials	Network Scanner	Apr 1, 2026	High	No
Vite dev server - Cross-Site Scripting CVE-2023-49293	Network Scanner	Apr 1, 2026	Medium(6.1)	No
SiYuan Note - Cross-Site Scripting CVE-2026-34605	Network Scanner	Apr 1, 2026	Medium(6.1)	No
NocoBase - VM Sandbox Escape to Remote Code Execution CVE-2026-34156	Network Scanner	Apr 1, 2026	Critical(10)	No
DedeCMS - Open Redirect via download.php CVE-2024-57241	Network Scanner	Mar 31, 2026	Medium(6.1)	No