yogeshojha vulnerabilities and exploits
8.8
CVSSv3
CVE-2023-50094
reNgine prior to 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output.
Yogeshojha Rengine
1 Github repository
5.4
CVSSv3
CVE-2024-43381
reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it l...
Yogeshojha Rengine
9.8
CVSSv3
CVE-2021-38606
reNgine up to and including 0.5 relies on a predictable directory name.
Yogeshojha Rengine
9.8
CVSSv3
CVE-2022-36566
Rengine v1.3.0 contains a command injection vulnerability via the scan engine function.
Yogeshojha Rengine 1.3.0
9.8
CVSSv3
CVE-2022-28995
Rengine v1.0.2 contains a remote code execution (RCE) vulnerability via the yaml configuration function.
Yogeshojha Rengine 1.0.2
8.7
CVSSv4
CVE-2025-24962
reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit `c28e5c8d` and is expected in the next versioned release. Users are advised to filter user i...
Yogeshojha Rengine
5.3
CVSSv4
CVE-2025-24966
reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing malicious users to inject arbitrary HTML code. In this scenario, the vulnerability exists in the "Add Targ...
Yogeshojha Rengine
7.4
CVSSv4
CVE-2025-24967
reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting (XSS) vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field duri...
Yogeshojha Rengine
8.8
CVSSv3
CVE-2025-24968
reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as `penetration_tester` or `auditor` to delete all projects in the system. This can lead to a complete system takeover ...
Yogeshojha Rengine
7.1
CVSSv4
CVE-2025-24899
reNgine is an automated reconnaissance framework for web applications. A vulnerability exists in reNgine, where **an insider attacker with any role** (such as Auditor, Penetration Tester, or Sys Admin) **can extract sensitive information from other reNgine users.** After running ...
Yogeshojha Rengine