Rengine
by Yogeshojha
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-24968 | | | 0.00 | — | 0.01 | | Feb 4, 2025 | reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as `penetration_tester` or `auditor` to delete all projects in the system. This can lead to a complete system takeover… |
| CVE-2025-24967 | | | 0.00 | — | 0.00 | | Feb 4, 2025 | reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting (XSS) vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field during… |
| CVE-2025-24966 | | | 0.00 | — | 0.00 | | Feb 4, 2025 | reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the "Add Target"… |
| CVE-2025-24899 | | | 0.00 | — | 0.01 | | Feb 3, 2025 | reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where **an insider attacker with any role** (such as Auditor, Penetration Tester, or Sys Admin) **can extract sensitive information from other reNgine users.** After… |
| CVE-2025-24962 | | | 0.00 | — | 0.01 | | Feb 3, 2025 | reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit `c28e5c8d` and is expected in the next versioned release. Users are advised to filter user… |
| CVE-2024-43381 | | | 0.00 | — | 0.00 | | Aug 16, 2024 | reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads… |
| CVE-2022-1813 | | | 0.00 | — | 0.03 | | May 22, 2022 | OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0. |
| CVE-2021-39491 | | | 0.00 | — | 0.00 | | Mar 24, 2022 | A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box. |
| CVE-2021-38606 | | | 0.00 | — | 0.01 | | Aug 12, 2021 | reNgine through 0.5 relies on a predictable directory name. |