VYPR

Rengine

by Yogeshojha

Source repositories

CVEs (9)

  • CVE-2025-24968Feb 4, 2025
    risk 0.00cvss epss 0.01

    reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as `penetration_tester` or `auditor` to delete all projects in the system. This can lead to a complete system takeover…

  • CVE-2025-24967Feb 4, 2025
    risk 0.00cvss epss 0.00

    reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting (XSS) vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field during…

  • CVE-2025-24966Feb 4, 2025
    risk 0.00cvss epss 0.00

    reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the "Add Target"…

  • CVE-2025-24899Feb 3, 2025
    risk 0.00cvss epss 0.01

    reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where **an insider attacker with any role** (such as Auditor, Penetration Tester, or Sys Admin) **can extract sensitive information from other reNgine users.** After…

  • CVE-2025-24962Feb 3, 2025
    risk 0.00cvss epss 0.01

    reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit `c28e5c8d` and is expected in the next versioned release. Users are advised to filter user…

  • CVE-2024-43381Aug 16, 2024
    risk 0.00cvss epss 0.00

    reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads…

  • CVE-2022-1813May 22, 2022
    risk 0.00cvss epss 0.03

    OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0.

  • CVE-2021-39491Mar 24, 2022
    risk 0.00cvss epss 0.00

    A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box . .

  • CVE-2021-38606Aug 12, 2021
    risk 0.00cvss epss 0.01

    reNgine through 0.5 relies on a predictable directory name.