19 matches found
FUXA 1.2.9 - RCE
Exploit Title: FUXA 1.2.9 - RCE Date: 4/24/2026 Exploit Author: Anthony Cihan Hann1bl3L3ct3r Vendor Homepage: https://github.com/frangoteam/FUXA Version: Arbitrary File Write - RCE Affected: FUXA makes Node's path.resolve climb out of appDir to anywhere the FUXA process can write. fullPath/fileNa...
Exploit for Missing Authentication for Critical Function in Frangoteam Fuxa
CVE-2026-25895 — FUXA for code execution within 60 seconds...
CVE-2026-25895
creationtimestamp| type| source
---|---|---
2026-02-10 00:00:48+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mehntchb352m
2026-02-10 00:00:50+00:00| seen| https://infosec.exchange/users/offseq/statuses/116043392265377056
2026-04-24 22:00:05+00:00| published-proof-of-concept|...
CVE-2024-25895
A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter of /EventAttendance.php...
CVE-2025-25895
creationtimestamp| type| source
---|---|---
2025-02-18 22:15:56+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3liiby2pq7x2p
2025-02-19 01:11:13+00:00| seen| https://t.me/cvedetector/18395
2025-02-19 02:11:32+00:00| seen|...
CVE-2025-25895
An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the publictype parameter. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet...
CVE-2025-25895
An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the publictype parameter. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet...
CVE-2024-25895
creationtimestamp| type| source
---|---|---
2024-02-21 19:21:59+00:00| seen| https://t.me/ctinow/189971
2024-02-21 19:26:31+00:00| seen| https://t.me/ctinow/189984
2024-02-22 20:29:54+00:00| seen| https://t.me/arpsyndicate/4035
2024-03-13 10:41:08+00:00| seen| https://t.me/ctinow/206536...
CVE-2024-25895
A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter of /EventAttendance.php...
CVE-2024-25895
A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter of /EventAttendance.php...
CVE-2024-25895
CVE-2024-25895 affects ChurchCRM 5.5.0. The vulnerability is a reflected cross-site scripting (XSS) in the /EventAttendance.php endpoint, exploitable via the type parameter. The underlying cause is improper handling of user-supplied input in that parameter, allowing an attacker to inject arbitrar...
CVE-2023-25895
Adobe Dimension versions 3.4.7 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2023-25895
CVE-2023-25895 describes a Heap-based Buffer Overflow in Adobe Dimension versions 3.4.7 and earlier that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file); the attack vector is local. Multiple sourc...
Adobe Dimension < 3.4.8 Multiple Vulnerabilities (APSB23-20) (macOS)
The version of Adobe Dimension installed on the remote macOS host is prior to 3.4.8. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB23-20 advisory.
- Adobe Dimension versions 3.4.7 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could...
CVE-2022-25895
CVE-2022-25895 affects lite-dev-server. All versions are vulnerable to Directory Traversal due to missing input sanitization and sandboxing of the req.url input passed to the server code. The root cause is that the server reads and uses user-supplied URLs without proper normalization, enabling ac...
CVE-2022-25895 Directory Traversal
All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...
CVE-2022-25895
All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...
CVE-2022-25895
All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...
node-sass-with-bindings (>=4.5.5 <=4.5.6) potentially affected by CVE-2022-25895 via lite-dev-server (=3.2.7)
lite-dev-server NPM version =3.2.7 is affected by a known vulnerability. The following packages have a transitive dependency on lite-dev-server and may be impacted:
- node-sass-with-bindings =4.5.5, =4.5.6
Source cves: CVE-2022-25895
Source advisory: SNYK:JS-LITEDEVSERVER-3153718...