Yogeshojha

Rengine

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-24966

Exploit
  • EPSS 0.11%
  • Veröffentlicht 04.02.2025 20:15:50
  • Zuletzt bearbeitet 13.05.2025 18:46:23

reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exis...

5.4

CVE-2025-24967

Exploit
  • EPSS 0.12%
  • Veröffentlicht 04.02.2025 20:15:50
  • Zuletzt bearbeitet 13.05.2025 18:43:01

reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting (XSS) vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads int...

8.8

CVE-2025-24968

Exploit
  • EPSS 0.14%
  • Veröffentlicht 04.02.2025 20:15:50
  • Zuletzt bearbeitet 13.05.2025 18:39:25

reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as `penetration_tester` or `auditor` to delete all projects in the system. This can lead ...

8.8

CVE-2025-24962

Exploit
  • EPSS 0.44%
  • Veröffentlicht 03.02.2025 21:15:16
  • Zuletzt bearbeitet 13.05.2025 19:21:43

reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit `c28e5c8d` and is expected in the next versioned release. User...

7.5

CVE-2025-24899

Exploit
  • EPSS 0.1%
  • Veröffentlicht 03.02.2025 21:15:15
  • Zuletzt bearbeitet 13.05.2025 19:23:48

reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where **an insider attacker with any role** (such as Auditor, Penetration Tester, or Sys Admin) **can extract sensitive information from...

5.4

CVE-2024-43381

Exploit
  • EPSS 0.33%
  • Veröffentlicht 16.08.2024 15:15:29
  • Zuletzt bearbeitet 11.09.2024 13:02:26

reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record cont...

8.8

CVE-2023-50094

Exploit
  • EPSS 92.17%
  • Veröffentlicht 01.01.2024 18:15:09
  • Zuletzt bearbeitet 17.04.2025 19:15:57

reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output.

9.8

CVE-2022-36566

Exploit
  • EPSS 5.14%
  • Veröffentlicht 31.08.2022 18:15:08
  • Zuletzt bearbeitet 21.11.2024 07:13:19

Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function.

9.8

CVE-2022-28995

Exploit
  • EPSS 3.06%
  • Veröffentlicht 20.05.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:58:18

Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function.

9.8

CVE-2021-38606

  • EPSS 0.43%
  • Veröffentlicht 12.08.2021 16:15:10
  • Zuletzt bearbeitet 21.11.2024 06:17:40

reNgine through 0.5 relies on a predictable directory name.