Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

yogeshojha vulnerabilities and exploits

(subscribe to this query)
0.628
EPSS

CVE-2023-50094

reNgine prior to 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output.
Yogeshojha Rengine
0.004
EPSS

CVE-2021-38606

reNgine up to and including 0.5 relies on a predictable directory name.
Yogeshojha Rengine
0.001
EPSS

CVE-2024-43381

reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it l...
Yogeshojha Rengine
0.013
EPSS

CVE-2022-28995

Rengine v1.0.2 exists to contain a remote code execution (RCE) vulnerability via the yaml configuration function.
Yogeshojha Rengine 1.0.2
0.007
EPSS

CVE-2022-36566

Rengine v1.3.0 exists to contain a command injection vulnerability via the scan engine function.
Yogeshojha Rengine 1.3.0
0.000
EPSS

CVE-2025-24899

reNgine is an automated reconnaissance framework for web applications. A vulnerability exists in reNgine, where **an insider attacker with any role** (such as Auditor, Penetration Tester, or Sys Admin) **can extract sensitive information from other reNgine users.** After running ...
Yogeshojha Rengine
0.000
EPSS

CVE-2025-24962

reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit `c28e5c8d` and is expected in the next versioned release. Users are advised to filter user i...
Yogeshojha Rengine
0.000
EPSS

CVE-2025-24966

reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing malicious users to inject arbitrary HTML code. In this scenario, the vulnerability exists in the "Add Targ...
Yogeshojha Rengine
0.000
EPSS

CVE-2025-24967

reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting (XSS) vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field duri...
Yogeshojha Rengine
0.000
EPSS

CVE-2025-24968

reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as `penetration_tester` or `auditor` to delete all projects in the system. This can lead to a complete system takeover ...
Yogeshojha Rengine
Preferred Score:
EPSS
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2024-12136SSRFCVE-2025-1385injectcache poisoningsynologyCVE-2025-30066loadmastersecure connect gateway (scg) 5.0 appliance - srsCVE-2025-24813CVE-2025-30236px-labCVE-2025-1766
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook