Yogeshojha Rengine
12 CVEs affecting Yogeshojha Rengine. Latest disclosed: 2025-12-11. Critical: 3, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-36566 | Critical | 9.8 | 2022-08-31 | Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function. |
CVE-2022-28995 | Critical | 9.8 | 2022-05-20 | Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function. |
CVE-2021-38606 | Critical | 9.8 | 2021-08-12 | reNgine through 0.5 relies on a predictable directory name. |
CVE-2024-58287 | High | 8.8 | 2025-12-11 | reNgine 2.2.0 contains a command injection vulnerability in the nmap_cmd parameter of scan engine configuration that allows authenticated attackers to execute… |
CVE-2025-24968 | High | 8.8 | 2025-02-04 | reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, suc… |
CVE-2025-24962 | High | 8.8 | 2025-02-03 | reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue… |
CVE-2023-50094 | High | 8.8 | 2024-01-01 | reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?u… |
CVE-2025-24899 | High | 7.5 | 2025-02-03 | reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where **an insider attacker with any role** (… |
CVE-2025-61319 | Medium | 6.1 | 2025-10-10 | ReNgine thru 2.2.0 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload… |
CVE-2025-24967 | Medium | 5.4 | 2025-02-04 | reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting (XSS) vulnerability exists in the admin panel's user manag… |
CVE-2025-24966 | Medium | 5.4 | 2025-02-04 | reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs… |
CVE-2024-43381 | Medium | 5.0 | 2024-08-16 | reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. T… |