Lucene search

8 matches found

CVE, added 2024/01/01 6:15 p.m., 106 views

CVE-2023-50094

reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output.

CVSS 8.8, AI score 9.1, EPSS 0.92174

CVE, added 2025/02/04 8:15 p.m., 84 views

CVE-2025-24968

reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as penetration_tester or auditor to delete all projects in the system. This can lead to a complete system takeover by redirecting the atta...

CVSS 8.8, AI score 6.8, EPSS 0.00109

CVE, added 2025/02/03 9:15 p.m., 74 views

CVE-2025-24899

reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where an insider attacker with any role (such as Auditor, Penetration Tester, or Sys Admin) can extract sensitive information from other reNgine users. After running a scan and obtainin...

CVSS 7.5, AI score 6.7, EPSS 0.00078

CVE, added 2024/08/16 3:15 p.m., 55 views

CVE-2024-43381

reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of...

CVSS 5.4, AI score 5.1, EPSS 0.00141

CVE, added 2025/02/04 8:15 p.m., 51 views

CVE-2025-24966

reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the "Add Target" functionality of the appli...

CVSS 5.4, AI score 7.2, EPSS 0.0005

CVE, added 2025/02/04 8:15 p.m., 44 views

CVE-2025-24967

reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting (XSS) vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field during user creation. This v...

CVSS 7.4, AI score 5.7, EPSS 0.0004

CVE, added 2025/02/03 9:15 p.m., 43 views

CVE-2025-24962

reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit c28e5c8d and is expected in the next versioned release. Users are advised to filter user input and monitor the ...

CVSS 8.8, AI score 7.1, EPSS 0.00187

CVE, added 2021/08/12 4:15 p.m., 32 views

CVE-2021-38606

reNgine through 0.5 relies on a predictable directory name.

CVSS 9.8, AI score 9.4, EPSS 0.00433