Rengine Security Vulnerabilities and Issues — Rengine CVE List

Lucene search

YogeshojhaRengine

3 matches found

CVE•added 2024/01/01 6:15 p.m.•106 views

CVE-2023-50094

reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output.

8.8CVSS9.1AI score0.92174EPSS

CVE•added 2025/02/04 8:15 p.m.•84 views

CVE-2025-24968

reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as penetration_tester or auditor to delete all projects in the system. This can lead to a complete system takeover by redirecting the atta...

8.8CVSS6.8AI score0.00109EPSS

CVE•added 2025/02/03 9:15 p.m.•43 views

CVE-2025-24962

reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit c28e5c8d and is expected in the next versioned release. Users are advised to filter user input and monitor the ...

8.8CVSS7.1AI score0.00187EPSS