3 matches found
CVE-2025-24899
creationtimestamp| type| source ---|---|--- 2025-02-03 21:16:00+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhchn47q5w2f 2025-02-03 21:36:29+00:00| seen| https://infosec.exchange/users/cR0w/statuses/113942107867829427 2025-02-03 22:08:25+00:00| seen|...
CVE-2025-24899 Disclosure of Sensitive User Information via API in reNgine
reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where an insider attacker with any role such as Auditor, Penetration Tester, or Sys Admin can extract sensitive information from other reNgine users. After running a scan and obtainin...
CVE-2025-24899
The CVE concerns reNgine, an automated reconnaissance framework for web apps. A flaw allows an insider with any role (e.g., Auditor, Penetration Tester, Sys Admin) to exfiltrate sensitive data from other reNgine users via a GET request to /api/listVulnerability/ after scanning targets. Affected d...