reNgine 2.2.0 - Command Injection

reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/wafdetector/?url= string. The commands are executed as root via subprocess.checkoutput. id: CVE-2023-50094 info: name: reNgine 2.2.0 - Command Injection...

CVE-2023-50094

reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/wafdetector/?url= string. The commands are executed as root via subprocess.checkoutput...

CVE-2024-58287

reNgine 2.2.0 contains a command injection vulnerability in the nmapcmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmapcmd parameter with malicious base64-encoded payloads to achieve remote code execution duri...

CVE-2024-58287

The CVE concerns reNgine 2.2.0, where a command-injection flaw exists in the nmap_cmd parameter of the scan engine configuration. The underlying issue allows authenticated attackers to modify the nmap_cmd field with malicious base64-encoded payloads, enabling remote code execution during scan eng...

CVE-2024-58287 reNgine 2.2.0 Authenticated Command Injection via Scan Engine Configuration

reNgine 2.2.0 contains a command injection vulnerability in the nmapcmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmapcmd parameter with malicious base64-encoded payloads to achieve remote code execution duri...

CVE-2024-58287 reNgine 2.2.0 Authenticated Command Injection via Scan Engine Configuration

reNgine 2.2.0 contains a command injection vulnerability in the nmapcmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmapcmd parameter with malicious base64-encoded payloads to achieve remote code execution duri...

reNgine 操作系统命令注入漏洞

reNgine is an automated reconnaissance framework for web applications from the individual developer Yogesh Ojha. Focused on a highly configurable streamlined reconnaissance process supported by an engine, reconnaissance data correlation and organization, continuous monitoring, supported by a...

PT-2025-50741

Name of the Vulnerable Software and Affected Versions reNgine version 2.2.0 Description The software contains a command injection issue in the nmap cmd parameter within the scan engine configuration. Authenticated attackers can execute arbitrary commands by modifying the nmap cmd parameter with...

CVE-2025-61319

ReNgine thru 2.2.0 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload, the unsanitized payload is rendered in the ReNgine web UI, resulting in arbitrary JavaScript execution in the victim's browser. This can b...

CVE-2025-61319

ReNgine thru 2.2.0 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload, the unsanitized payload is rendered in the ReNgine web UI, resulting in arbitrary JavaScript execution in the victim's browser. This can b...

reNgine 安全漏洞

reNgine is an automated reconnaissance framework for web applications from the individual developer Yogesh Ojha. Focused on a highly configurable streamlined scouting process supported by an engine, scouting data correlation and organization, continuous monitoring, supported by a database and a...

PT-2025-41564

Name of the Vulnerable Software and Affected Versions ReNgine versions through 2.2.0 Description ReNgine through version 2.2.0 contains a Stored Cross-Site Scripting XSS issue within the Vulnerabilities module. When a target is scanned using an XSS payload, the payload is rendered without proper...

EUVD-2021-25848

Malware in sbrugna...

EUVD-2024-40257

Malicious code in bioql PyPI...

EUVD-2022-25089

Malicious code in bioql PyPI...

EUVD-2025-3980

Malicious code in bioql PyPI...

The vulnerability of the reNgine software tool for automated web application reconnaissance, related to insufficient protection of operational data, allows a perpetrator to disclose protected information.

The vulnerability of the reNgine software tool for automated web application reconnaissance is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information...

CVE-2024-43381

reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting XSS attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of...

CVE-2022-36566

Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function...

CVE-2022-28995

Rengine v1.0.2 was discovered to contain a remote code execution RCE vulnerability via the yaml configuration function...