30 matches found
CVE-2023-50094
reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/wafdetector/?url= string. The commands are executed as root via subprocess.checkoutput...
CVE-2025-61319
ReNgine thru 2.2.0 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload, the unsanitized payload is rendered in the ReNgine web UI, resulting in arbitrary JavaScript execution in the victim's browser. This can b...
EUVD-2022-25089
Malicious code in bioql PyPI...
EUVD-2025-3980
Malicious code in bioql PyPI...
CVE-2024-43381
reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting XSS attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of...
CVE-2021-38606
reNgine through 0.5 relies on a predictable directory name...
CVE-2025-24967
reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting XSS vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field during user creation. This...
CVE-2025-24899
reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where an insider attacker with any role such as Auditor, Penetration Tester, or Sys Admin can extract sensitive information from other reNgine users. After running a scan and obtainin...
CVE-2025-24968
reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as penetrationtester or auditor to delete all projects in the system. This can lead to a complete system takeover by redirecting the...
CVE-2025-24966
reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the "Add Target" functionality of the...
CVE-2025-24968 Business Logic And Unrestricted Project Deletion Lead To Take Over the System in reNgine
reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as penetrationtester or auditor to delete all projects in the system. This can lead to a complete system takeover by redirecting the...
CVE-2025-24968 Business Logic And Unrestricted Project Deletion Lead To Take Over the System in reNgine
reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as penetrationtester or auditor to delete all projects in the system. This can lead to a complete system takeover by redirecting the...
CVE-2025-24968 Business Logic And Unrestricted Project Deletion Lead To Take Over the System in reNgine
reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as penetrationtester or auditor to delete all projects in the system. This can lead to a complete system takeover by redirecting the...
CVE-2025-24968
CVE-2025-24968 — reNgine is affected by an unrestricted project deletion vulnerability. According to PT Security and Red Hat entries, attackers with specific roles (e.g., penetration tester , auditor ) can delete all projects, potentially enabling a complete system takeover via redirection to the...
CVE-2025-24967 Stored XSS on Admin Panel When Deleting a User in reNgine
reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting XSS vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field during user creation. This...
CVE-2025-24966 HTML Injection in reNgine
reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the "Add Target" functionality of the...
CVE-2025-24966
CVE-2025-24966 concerns the reNgine web-app reconnaissance framework. The issue is HTML Injection in the Add Target functionality, where the Target Organization and Target Description fields improperly validate or sanitize input, allowing arbitrary HTML payloads. The injected HTML is rendered in ...
reNgine 访问控制错误漏洞
reNgine is an automated reconnaissance framework for web applications from the individual developer Yogesh Ojha. Focused on a highly configurable streamlined reconnaissance process supported by an engine, reconnaissance data correlation and organization, continuous monitoring, supported by a...
PT-2025-5610 · Rengine · Rengine
Name of the Vulnerable Software and Affected Versions: reNgine versions prior to 2.20 Description: A stored cross-site scripting XSS issue exists in the admin panel's user management functionality, allowing an attacker to inject malicious payloads into the username field during user creation. Thi...
CVE-2025-24962
reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmapcmd parameters. This issue has been addressed in commit c28e5c8d and is expected in the next versioned release. Users are advised to filter user input and monitor the...