CVE-2025-24968

reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as penetrationtester or auditor to delete all projects in the system. This can lead to a complete system takeover by redirecting the...

CVE-2025-24967

reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting XSS vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field during user creation. This...

CVE-2025-24967 Stored XSS on Admin Panel When Deleting a User in reNgine

reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting XSS vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field during user creation. This...

CVE-2025-24966 HTML Injection in reNgine

reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the "Add Target" functionality of the...

Rengine 安全漏洞

Rengine is an automated reconnaissance framework for gathering information during penetration testing of web applications. A security vulnerability exists in Rengine version 1.0.2, which stems from the discovery of a Remote Code Execution RCE vulnerability via the yaml configuration function...