📦 Rengine

by Yogeshojha

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2022-28995

CRITICAL CVSS 9.8 May 20, 2022

Rengine v1.0.2 contains a remote code execution vulnerability through its YAML configuration function, allowing attackers to execute arbitrary code on affected systems. This affects all deployments ru...

CVE-2021-38606

CRITICAL CVSS 9.8 Aug 12, 2021

CVE-2021-38606 is a vulnerability in reNgine (a reconnaissance framework) where predictable directory names allow attackers to access sensitive files. This affects all users running vulnerable version...

CVE-2024-58287

HIGH CVSS 8.8 Dec 11, 2025

CVE-2024-58287 is an authenticated command injection vulnerability in reNgine 2.2.0 that allows attackers to execute arbitrary commands on the server. Attackers can inject malicious base64-encoded pay...

CVE-2025-24968

HIGH CVSS 8.8 Feb 4, 2025

This vulnerability in reNgine allows attackers with penetration_tester or auditor roles to delete all projects, leading to system takeover via redirection to the onboarding page where they can modify ...

CVE-2025-24962

HIGH CVSS 8.8 Feb 3, 2025

CVE-2025-24962 is a command injection vulnerability in reNgine's nmap_cmd parameter that allows authenticated users to execute arbitrary commands on the underlying operating system. This affects all r...

CVE-2025-24899

HIGH CVSS 7.5 Feb 3, 2025

This vulnerability in reNgine allows any authenticated user (including those with low-privilege roles like Auditor) to extract sensitive information about other users by exploiting an API endpoint. Th...

CVE-2023-50094

HIGH CVSS 8.8 Jan 1, 2024

CVE-2023-50094 is an OS command injection vulnerability in reNgine web application security scanner versions before 2.1.2. An authenticated attacker can execute arbitrary commands with root privileges...

CVE-2025-61319

MEDIUM CVSS 6.1 Oct 10, 2025

ReNgine versions through 2.2.0 contain a stored XSS vulnerability in the Vulnerabilities module. When scanning targets with XSS payloads, the unsanitized payload renders in the web UI, allowing attack...

CVE-2025-24967

MEDIUM CVSS 5.4 Feb 4, 2025

A stored cross-site scripting (XSS) vulnerability in reNgine's admin panel allows attackers to inject malicious scripts into username fields during user creation. When administrators view or interact ...