reNgine through 2.0.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via...
8.8CVSS
9AI Score
0.002EPSS
Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine...
9.8CVSS
9.7AI Score
0.003EPSS
9.8CVSS
9.7AI Score
0.002EPSS
Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration...
9.8CVSS
9.9AI Score
0.006EPSS
A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box ....
5.4CVSS
5.2AI Score
0.001EPSS
9.8CVSS
9.4AI Score
0.002EPSS