Frangoteam

Fuxa

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-69985

Exploit
  • EPSS 0.64%
  • Veröffentlicht 24.02.2026 00:00:00
  • Zuletzt bearbeitet 26.02.2026 19:39:20

FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate internal r...

9.8

CVE-2026-25895

  • EPSS 0.05%
  • Veröffentlicht 09.02.2026 22:29:48
  • Zuletzt bearbeitet 13.02.2026 20:32:48

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. A path traversal vulnerability in FUXA allows an unauthenticated, remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This affects FUXA th...

9.8

CVE-2026-25894

  • EPSS 0.07%
  • Veröffentlicht 09.02.2026 22:28:46
  • Zuletzt bearbeitet 13.02.2026 20:33:42

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA t...

9.8

CVE-2026-25893

  • EPSS 0.1%
  • Veröffentlicht 09.02.2026 22:26:45
  • Zuletzt bearbeitet 13.02.2026 20:35:25

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to gain administrative access via the heartbeat refresh API and execu...

7.2

CVE-2026-25951

  • EPSS 0.03%
  • Veröffentlicht 09.02.2026 22:24:25
  • Zuletzt bearbeitet 13.02.2026 20:28:36

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.11, there is a flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By us...

9.1

CVE-2026-25939

  • EPSS 0.02%
  • Veröffentlicht 09.02.2026 22:21:03
  • Zuletzt bearbeitet 13.02.2026 20:31:09

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through version 1.2.10, an authorization bypass vulnerability in the FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, expo...

9.8

CVE-2026-25938

  • EPSS 0.13%
  • Veröffentlicht 09.02.2026 22:18:15
  • Zuletzt bearbeitet 13.02.2026 20:31:47

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED p...

9.1

CVE-2026-25752

  • EPSS 0.02%
  • Veröffentlicht 06.02.2026 19:16:10
  • Zuletzt bearbeitet 10.02.2026 14:31:52

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote at...

7.5

CVE-2026-25751

  • EPSS 0.02%
  • Veröffentlicht 06.02.2026 19:16:10
  • Zuletzt bearbeitet 10.02.2026 14:33:38

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an una...

9.8

CVE-2025-69983

  • EPSS 0.32%
  • Veröffentlicht 03.02.2026 00:00:00
  • Zuletzt bearbeitet 11.02.2026 18:16:05

FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing syst...