Lucene search

K

5 matches found

CVE
CVE
added 2025/02/04 8:15 p.m.84 views

CVE-2025-24968

reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as penetration_tester or auditor to delete all projects in the system. This can lead to a complete system takeover by redirecting the atta...

8.8CVSS6.8AI score0.00109EPSS
CVE
CVE
added 2025/02/03 9:15 p.m.74 views

CVE-2025-24899

reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where an insider attacker with any role (such as Auditor, Penetration Tester, or Sys Admin) can extract sensitive information from other reNgine users. After running a scan and obtainin...

7.5CVSS6.7AI score0.00078EPSS
CVE
CVE
added 2025/02/04 8:15 p.m.51 views

CVE-2025-24966

reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the "Add Target" functionality of the appli...

5.4CVSS7.2AI score0.0005EPSS
CVE
CVE
added 2025/02/04 8:15 p.m.44 views

CVE-2025-24967

reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting (XSS) vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field during user creation. This v...

7.4CVSS5.7AI score0.0004EPSS
CVE
CVE
added 2025/02/03 9:15 p.m.43 views

CVE-2025-24962

reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit c28e5c8d and is expected in the next versioned release. Users are advised to filter user input and monitor the ...

8.8CVSS7.1AI score0.00187EPSS