Lucene search
K

30 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:37 p.m.11 views

CVE-2023-50094

reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/wafdetector/?url= string. The commands are executed as root via subprocess.checkoutput...

8.8CVSS7.5AI score0.1354EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/10/10 12:0 a.m.10 views

CVE-2025-61319

ReNgine thru 2.2.0 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload, the unsanitized payload is rendered in the ReNgine web UI, resulting in arbitrary JavaScript execution in the victim's browser. This can b...

0.00266EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-25089

Malicious code in bioql PyPI...

9.8CVSS8.3AI score0.02664EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-3980

Malicious code in bioql PyPI...

7.5CVSS6.5AI score0.00517EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 6:38 a.m.8 views

CVE-2024-43381

reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting XSS attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of...

5.4CVSS5.6AI score0.00417EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 6:53 p.m.6 views

CVE-2021-38606

reNgine through 0.5 relies on a predictable directory name...

9.8CVSS7AI score0.01202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/08 4:42 a.m.12 views

CVE-2025-24967

reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting XSS vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field during user creation. This...

7.4CVSS5.5AI score0.00277EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/08 4:42 a.m.11 views

CVE-2025-24899

reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where an insider attacker with any role such as Auditor, Penetration Tester, or Sys Admin can extract sensitive information from other reNgine users. After running a scan and obtainin...

7.5CVSS6.6AI score0.00517EPSS
Exploits1References1
NVD
NVD
added 2025/02/04 8:15 p.m.44 views

CVE-2025-24968

reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as penetrationtester or auditor to delete all projects in the system. This can lead to a complete system takeover by redirecting the...

8.8CVSS0.00604EPSS
Exploits1References1
NVD
NVD
added 2025/02/04 8:15 p.m.27 views

CVE-2025-24966

reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the "Add Target" functionality of the...

5.4CVSS0.0026EPSS
Exploits1References1
OSV
OSV
added 2025/02/04 7:28 p.m.12 views

CVE-2025-24968 Business Logic And Unrestricted Project Deletion Lead To Take Over the System in reNgine

reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as penetrationtester or auditor to delete all projects in the system. This can lead to a complete system takeover by redirecting the...

8.8CVSS6.7AI score0.00604EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/02/04 7:28 p.m.32 views

CVE-2025-24968 Business Logic And Unrestricted Project Deletion Lead To Take Over the System in reNgine

reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as penetrationtester or auditor to delete all projects in the system. This can lead to a complete system takeover by redirecting the...

8.8CVSS0.00604EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/02/04 7:28 p.m.32 views

CVE-2025-24968 Business Logic And Unrestricted Project Deletion Lead To Take Over the System in reNgine

reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as penetrationtester or auditor to delete all projects in the system. This can lead to a complete system takeover by redirecting the...

8.8CVSS8.7AI score0.00604EPSS
Exploits1References1
CVE
CVE
added 2025/02/04 7:28 p.m.98 views

CVE-2025-24968

CVE-2025-24968 — reNgine is affected by an unrestricted project deletion vulnerability. According to PT Security and Red Hat entries, attackers with specific roles (e.g., penetration tester , auditor ) can delete all projects, potentially enabling a complete system takeover via redirection to the...

8.8CVSS6.8AI score0.00604EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/02/04 7:28 p.m.9 views

CVE-2025-24967 Stored XSS on Admin Panel When Deleting a User in reNgine

reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting XSS vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field during user creation. This...

7.4CVSS5.7AI score0.00277EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/02/04 7:26 p.m.25 views

CVE-2025-24966 HTML Injection in reNgine

reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the "Add Target" functionality of the...

5.3CVSS0.0026EPSS
Exploits1References1
CVE
CVE
added 2025/02/04 7:26 p.m.65 views

CVE-2025-24966

CVE-2025-24966 concerns the reNgine web-app reconnaissance framework. The issue is HTML Injection in the Add Target functionality, where the Target Organization and Target Description fields improperly validate or sanitize input, allowing arbitrary HTML payloads. The injected HTML is rendered in ...

5.4CVSS7.2AI score0.0026EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/02/04 12:0 a.m.5 views

reNgine 访问控制错误漏洞

reNgine is an automated reconnaissance framework for web applications from the individual developer Yogesh Ojha. Focused on a highly configurable streamlined reconnaissance process supported by an engine, reconnaissance data correlation and organization, continuous monitoring, supported by a...

8.8CVSS6.5AI score0.00604EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/02/04 12:0 a.m.6 views

PT-2025-5610 · Rengine · Rengine

Name of the Vulnerable Software and Affected Versions: reNgine versions prior to 2.20 Description: A stored cross-site scripting XSS issue exists in the admin panel's user management functionality, allowing an attacker to inject malicious payloads into the username field during user creation. Thi...

7.4CVSS5.2AI score0.00277EPSS
Exploits1References7
NVD
NVD
added 2025/02/03 9:15 p.m.23 views

CVE-2025-24962

reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmapcmd parameters. This issue has been addressed in commit c28e5c8d and is expected in the next versioned release. Users are advised to filter user input and monitor the...

8.8CVSS0.00711EPSS
Exploits1References2
Rows per page
Query Builder