Lucene search

Rengine Security Vulnerabilities

cve

CVE-2021-38606

reNgine through 0.5 relies on a predictable directory name.

9.8CVSS

9.4AI Score

0.002EPSS

2021-08-12 04:15 PM

cve

CVE-2022-28995

Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function.

9.8CVSS

9.9AI Score

0.006EPSS

2022-05-20 07:15 PM

cve

CVE-2022-36566

Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function.

9.8CVSS

9.7AI Score

0.003EPSS

2022-08-31 06:15 PM

cve

CVE-2023-50094

reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output.

8.8CVSS

9.1AI Score

0.002EPSS

2024-01-01 06:15 PM

cve

CVE-2024-43381

reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of...

5.4CVSS

5.1AI Score

0.0004EPSS

2024-08-16 03:15 PM