Yogeshojha Rengine

12 CVEs affecting Yogeshojha Rengine. Latest disclosed: 2025-12-11. Critical: 3, High: 5.

Top CVEs affecting Yogeshojha Rengine
CVESeverityScorePublishedSummary
CVE-2022-36566Critical9.82022-08-31Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function.
CVE-2022-28995Critical9.82022-05-20Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function.
CVE-2021-38606Critical9.82021-08-12reNgine through 0.5 relies on a predictable directory name.
CVE-2024-58287High8.82025-12-11reNgine 2.2.0 contains a command injection vulnerability in the nmap_cmd parameter of scan engine configuration that allows authenticated attackers to execute…
CVE-2025-24968High8.82025-02-04reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, suc…
CVE-2025-24962High8.82025-02-03reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue…
CVE-2023-50094High8.82024-01-01reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?u…
CVE-2025-24899High7.52025-02-03reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where **an insider attacker with any role** (…
CVE-2025-61319Medium6.12025-10-10ReNgine thru 2.2.0 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload…
CVE-2025-24967Medium5.42025-02-04reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting (XSS) vulnerability exists in the admin panel's user manag…
CVE-2025-24966Medium5.42025-02-04reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs…
CVE-2024-43381Medium5.02024-08-16reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. T…