Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-xthd-ntap-43dp
Summary reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as `penetration_tester` or `auditor`, to delete all projects in the system. This can lead to a complete system takeover by redirecting the attacker to the onboarding page, where they can add or modify users, including Sys Admins, and configure critical settings like API keys and user preferences. This issue affects all versions up to and including 2.20. Users are advised to monitor the project for future releases which address this issue. There are no known workarounds.
Aliases
0
alias CVE-2025-24968
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-24968
reference_id
reference_type
scores
0
value 0.00352
scoring_system epss
scoring_elements 0.57922
published_at 2026-06-06T12:55:00Z
1
value 0.00352
scoring_system epss
scoring_elements 0.57898
published_at 2026-06-08T12:55:00Z
2
value 0.00352
scoring_system epss
scoring_elements 0.57915
published_at 2026-06-09T12:55:00Z
3
value 0.00352
scoring_system epss
scoring_elements 0.57914
published_at 2026-06-05T12:55:00Z
4
value 0.00352
scoring_system epss
scoring_elements 0.57911
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-24968
1
reference_url https://github.com/yogeshojha/rengine/security/advisories/GHSA-3327-6x79-q396
reference_id GHSA-3327-6x79-q396
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-04T19:52:21Z/
url https://github.com/yogeshojha/rengine/security/advisories/GHSA-3327-6x79-q396
Weaknesses
0
cwe_id 284
name Improper Access Control
description The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Exploits
Severity_range_score 8.8 - 8.8
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xthd-ntap-43dp