Rengine
by Rengine
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-50094 | | | 0.01 | — | 0.14 | | Jan 1, 2024 | reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output. |
| CVE-2024-58287 | | | 0.00 | — | 0.03 | | Dec 11, 2025 | reNgine 2.2.0 contains a command injection vulnerability in the nmap_cmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmap_cmd parameter with malicious base64-encoded payloads to achieve remote… |
| CVE-2025-61319 | | | 0.00 | — | 0.00 | | Oct 10, 2025 | ReNgine thru 2.2.0 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload, the unsanitized payload is rendered in the ReNgine web UI, resulting in arbitrary JavaScript execution in the victim's… |
| CVE-2025-24968 | | | 0.00 | — | 0.01 | | Feb 4, 2025 | reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as `penetration_tester` or `auditor` to delete all projects in the system. This can lead to a complete system takeover… |
| CVE-2025-24967 | | | 0.00 | — | 0.00 | | Feb 4, 2025 | reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting (XSS) vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field during… |
| CVE-2025-24899 | | | 0.00 | — | 0.01 | | Feb 3, 2025 | reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where **an insider attacker with any role** (such as Auditor, Penetration Tester, or Sys Admin) **can extract sensitive information from other reNgine users.** After… |
| CVE-2025-24962 | | | 0.00 | — | 0.01 | | Feb 3, 2025 | reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit `c28e5c8d` and is expected in the next versioned release. Users are advised to filter user… |
| CVE-2024-43381 | | | 0.00 | — | 0.00 | | Aug 16, 2024 | reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads… |
| CVE-2022-36566 | | | 0.00 | — | 0.02 | | Aug 31, 2022 | Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function. |
| CVE-2022-28995 | | | 0.00 | — | 0.02 | | May 20, 2022 | Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function. |