VYPR

Rengine

by Rengine

CVEs (10)

  • CVE-2023-50094 (Jan 1, 2024)
    risk 0.01 | cvss | epss 0.14

    reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output.

  • CVE-2024-58287 (Dec 11, 2025)
    risk 0.00 | cvss | epss 0.03

    reNgine 2.2.0 contains a command injection vulnerability in the nmap_cmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmap_cmd parameter with malicious base64-encoded payloads to achieve remote…

  • CVE-2025-61319 (Oct 10, 2025)
    risk 0.00 | cvss | epss 0.00

    ReNgine thru 2.2.0 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload, the unsanitized payload is rendered in the ReNgine web UI, resulting in arbitrary JavaScript execution in the victim's…

  • CVE-2025-24968 (Feb 4, 2025)
    risk 0.00 | cvss | epss 0.01

    reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as `penetration_tester` or `auditor` to delete all projects in the system. This can lead to a complete system takeover…

  • CVE-2025-24967 (Feb 4, 2025)
    risk 0.00 | cvss | epss 0.00

    reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting (XSS) vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field during…

  • CVE-2025-24899 (Feb 3, 2025)
    risk 0.00 | cvss | epss 0.01

    reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where an insider attacker with any role (such as Auditor, Penetration Tester, or Sys Admin) can extract sensitive information from other reNgine users. After…

  • CVE-2025-24962 (Feb 3, 2025)
    risk 0.00 | cvss | epss 0.01

    reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit `c28e5c8d` and is expected in the next versioned release. Users are advised to filter user…

  • CVE-2024-43381 (Aug 16, 2024)
    risk 0.00 | cvss | epss 0.00

    reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads…

  • CVE-2022-36566 (Aug 31, 2022)
    risk 0.00 | cvss | epss 0.02

    Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function.

  • CVE-2022-28995 (May 20, 2022)
    risk 0.00 | cvss | epss 0.02

    Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function.