120 matches found
PT-2025-5611 · Rengine · Rengine
Name of the Vulnerable Software and Affected Versions: reNgine versions up to and including 2.20 Description: An unrestricted project deletion vulnerability in reNgine allows attackers with specific roles, such as penetration tester or auditor, to delete all projects in the system. This can lead ...
reNgine access control error vulnerability
reNgine is an automated reconnaissance framework for web applications from the individual developer Yogesh Ojha. Focused on a highly configurable streamlined reconnaissance process supported by an engine, reconnaissance data correlation and organization, continuous monitoring, supported by a...
reNgine cross-site scripting vulnerability
reNgine is an automated reconnaissance framework for web applications from the individual developer Yogesh Ojha. Focused on a highly configurable streamlined reconnaissance process supported by an engine, reconnaissance data correlation and organization, continuous monitoring, supported by a...
PT-2025-5609 · Rengine · Rengine
Name of the Vulnerable Software and Affected Versions: reNgine versions up to and including 2.2.0 Description: The issue occurs due to improper validation or sanitization of user inputs in the "Add Target" functionality, allowing attackers to inject arbitrary HTML code. The injected HTML is...
PT-2025-5610 · Rengine · Rengine
Name of the Vulnerable Software and Affected Versions: reNgine versions prior to 2.20 Description: A stored cross-site scripting (XSS) issue exists in the admin panel's user management functionality, allowing an attacker to inject malicious payloads into the username field during user creation. Thi...
CVE-2025-24962
reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmapcmd parameters. This issue has been addressed in commit c28e5c8d and is expected in the next versioned release. Users are advised to filter user input and monitor the...
CVE-2025-24899
reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where an insider attacker with any role such as Auditor, Penetration Tester, or Sys Admin can extract sensitive information from other reNgine users. After running a scan and obtainin...
CVE-2025-24899
The CVE concerns reNgine, an automated reconnaissance framework for web apps. A flaw allows an insider with any role (e.g., Auditor, Penetration Tester, Sys Admin) to exfiltrate sensitive data from other reNgine users via a GET request to /api/listVulnerability/ after scanning targets. Affected d...
CVE-2025-24899 Disclosure of Sensitive User Information via API in reNgine
reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where an insider attacker with any role such as Auditor, Penetration Tester, or Sys Admin can extract sensitive information from other reNgine users. After running a scan and obtainin...
CVE-2025-24962 Command Injection in reNgine
reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmapcmd parameters. This issue has been addressed in commit c28e5c8d and is expected in the next versioned release. Users are advised to filter user input and monitor the...
CVE-2025-24962
reNgine suffers a command-injection vulnerability in which an attacker could inject commands via the nmap_cmd parameter. This is confirmed across multiple sources (e.g., Red Hat CVE entry, OSV, CVE list, and other feeds) and is described as being addressed in commit c28e5c8d with a fix to be incl...
reNgine information disclosure vulnerability
reNgine is an automated reconnaissance framework for web applications from the individual developer Yogesh Ojha. Focused on a highly configurable streamlined scouting process supported by an engine, scouting data correlation and organization, continuous monitoring, supported by a database and a...
PT-2025-5606 · Rengine · Rengine
Name of the Vulnerable Software and Affected Versions: reNgine affected versions not specified Description: The issue allows a user to inject commands via the nmap cmd parameters. This is a command injection issue in the reNgine automated reconnaissance framework for web applications. Users are...
reNgine injection vulnerability
reNgine is an automated reconnaissance framework for web applications from the individual developer Yogesh Ojha. Focused on a highly configurable streamlined scouting process supported by an engine, scouting data association and organization, continuous monitoring, supported by a database and a...
Exploit for OS Command Injection in Yogeshojha Rengine
reNgine 2.2.0 - Command Injection - CVE-2023-50094 Descri...
reNgine 2.2.0 Command Injection
Exploit Title: reNgine 2.2.0 - Command Injection Authenticated Date: 2024-09-29 Exploit Author: Caner Tercan Vendor Homepage: https://rengine.wiki/ Software Link: https://github.com/yogeshojha/rengine Version: v2.2.0 Tested on: macOS POC : 1. Login the Rengine Platform 2. Click the Scan Engine 3...