CVE-2025-24968

CVSSv4: NA | CVSSv3: 8.8 | CVSSv2: NA | VMScore: 980 | EPSS: 0.00043 | KEV: Not Included
Published: 04/02/2025 Updated: 04/02/2025

Vulnerability Summary

Unauthenticated Project Deletion Vulnerability in reNgine Reconnaissance Framework

reNgine, an automated reconnaissance framework for web applications, has a serious vulnerability in its project deletion mechanism. Users holding roles such as `penetration_tester` or `auditor` can delete all projects in the system, potentially leading to a complete system takeover. After deletion, the attacker is redirected to the onboarding page, where they can add or modify users, including Sys Admins, and configure critical settings such as API keys and user preferences. This security issue affects all versions up to and including 2.20. No workaround is currently known, and users are advised to monitor the project for a future release that addresses this problem.
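The two defects in the summary above, a destructive action open to low-privileged roles and an onboarding page reachable once the project list is empty, modelled as an added example beside a hardened version. This is not reNgine's code: the `sys_admin` role name, the data model and the landing-page logic are assumptions made for illustration.

```python
# Hypothetical model of the authorization weakness described above (not reNgine's
# code). Role names other than penetration_tester/auditor, the data model and the
# landing-page logic are assumptions chosen to illustrate the defect and a fix.
from dataclasses import dataclass, field

SYS_ADMIN = "sys_admin"  # assumed name of the administrative role


@dataclass
class User:
    name: str
    role: str  # e.g. "sys_admin", "penetration_tester", "auditor"


@dataclass
class App:
    users: list = field(default_factory=list)
    projects: set = field(default_factory=set)


class Forbidden(Exception):
    """Raised when the actor's role does not permit the requested action."""


def has_admin(app: App) -> bool:
    return any(u.role == SYS_ADMIN for u in app.users)


# --- Vulnerable pattern ---------------------------------------------------------
def landing_page_weak(app: App) -> str:
    # Onboarding (which can create Sys Admins) is keyed on "no projects exist".
    return "onboarding" if not app.projects else "dashboard"


def delete_all_projects_weak(app: App, actor: User) -> str:
    # No role check: any authenticated user wipes every project, and the
    # resulting empty project list routes them to onboarding.
    app.projects.clear()
    return landing_page_weak(app)


# --- Hardened pattern -----------------------------------------------------------
def landing_page_hardened(app: App) -> str:
    # Onboarding is a first-run state: reachable only while no Sys Admin exists.
    return "onboarding" if not has_admin(app) else "dashboard"


def delete_all_projects_hardened(app: App, actor: User) -> str:
    # Least privilege: system-wide deletion is reserved for Sys Admins, and an
    # empty project list no longer exposes the onboarding flow.
    if actor.role != SYS_ADMIN:
        raise Forbidden(f"role {actor.role!r} may not delete all projects")
    app.projects.clear()
    return landing_page_hardened(app)
```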

Vulnerable Product

yogeshojha rengine