Lucene search
K

243 matches found

Nuclei
Nuclei
added 10 hours ago115 views

FUXA - Unauthenticated Remote Code Execution

A remote command execution RCE vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request. id: CVE-2023-33831 info: name: FUXA - Unauthenticated Remote Code Execution author: gy741 severity: critical description: | A remot...

9.8CVSS7.3AI score0.13746EPSS
Exploits3References4
Nuclei
Nuclei
added 10 hours ago12 views

FUXA <= 1.2.7 - Hardcoded JWT Secret Authentication Bypass

FUXA v1.2.7 contains a hardcoded credentials vulnerability caused by use of a hard-coded secret key in server/api/jwt-helper.js, letting remote attackers forge admin tokens and bypass authentication, exploit requires no special conditions. id: CVE-2025-69971 info: name: FUXA = 1.2.7 - Hardcoded J...

9.8CVSS6.1AI score0.02036EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 9:16 p.m.7 views

CVE-2026-13207

FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by...

8.7CVSS0.00352EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 8:24 p.m.35 views

CVE-2026-13207 Frangoteam FUXA SCADA/HMI Authentication Bypass by Spoofing

FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by...

8.7CVSS0.00352EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/30 8:24 p.m.7 views

EUVD-2026-40409

FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by...

8.7CVSS5.8AI score0.00352EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 8:24 p.m.21 views

CVE-2026-13207

The CVE refers to FUXA prior to 1.3.2 with an authentication bypass in the REST API caused by improper normalization of dot-segments in the router. Prefixing paths with dot-segments (e.g., /api/./users, /api/./roles, /api/project/../users) can bypass authentication and expose protected data such ...

8.7CVSS5.8AI score0.00352EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2026/06/12 12:0 a.m.51 views

VulnCheck KEV: CVE-2026-25939

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through version 1.2.10, an authorization bypass vulnerability in the FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, exposing connected ICS/SCADA environments to follow-on...

9.3CVSS5.4AI score0.11393EPSS
In wildExploits1References3
OSV
OSV
added 2026/05/26 11:44 p.m.73 views

GHSA-RG3M-CFQ7-G6H6 FUXA Vulnerable to Unauthenticated Remote Code Execution via Script Test Mode Authorization Bypass

Summary An unauthenticated Remote Code Execution vulnerability exists in FUXA when secureEnabled is set to true. The POST /api/runscript endpoint checks authorization against the stored script's permission by ID, but when test: true is set in the request, it compiles and executes attacker-supplie...

9.3CVSS6.3AI score0.00751EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/26 11:44 p.m.16 views

FUXA Vulnerable to Unauthenticated Remote Code Execution via Script Test Mode Authorization Bypass

Summary An unauthenticated Remote Code Execution vulnerability exists in FUXA when secureEnabled is set to true. The POST /api/runscript endpoint checks authorization against the stored script's permission by ID, but when test: true is set in the request, it compiles and executes attacker-supplie...

6.3AI score0.00751EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/26 11:41 p.m.34 views

FUXA has an unauthenticated arbitrary tag value disclosure via /api/getTagValue

Summary An authorization bypass in the /api/getTagValue endpoint allows unauthenticated access to tag values when the referenced script does not exist. Details The issue is caused by the combination of these code paths: - server/api/apikeys/verify-api-or-token.js:45 sends requests without x-api-k...

6AI score0.00143EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/26 11:40 p.m.19 views

GHSA-P69W-MMFV-XRFJ FUXA Vulnerable to Pre-auth RCE via Path Manipulation & Configuration Injection

Pre-auth RCE in FUXA via Logic Bypass Summary A Critical vulnerability chain exists in FUXA v.1.3.0-2706 that allows an unauthenticated remote attacker to achieve Full Remote Code Execution RCE as root. The exploit succeeds even when the platform is configured in its most secure state Secure Mode...

9.3CVSS6.5AI score0.00937EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/26 11:40 p.m.18 views

FUXA Vulnerable to Pre-auth RCE via Path Manipulation & Configuration Injection

Pre-auth RCE in FUXA via Logic Bypass Summary A Critical vulnerability chain exists in FUXA v.1.3.0-2706 that allows an unauthenticated remote attacker to achieve Full Remote Code Execution RCE as root. The exploit succeeds even when the platform is configured in its most secure state Secure Mode...

6.5AI score0.00937EPSS
Exploits0References3Affected Software1
Circl
Circl
added 2026/05/26 4:6 p.m.10 views

CVE-2026-47717

creationtimestamp| type| source ---|---|--- 2026-05-26 16:06:13+00:00| published-proof-of-concept| https://github.com/frangoteam/FUXA/security/advisories/GHSA-q3w6-q3hc-c5x6 2026-06-18 02:57:08+00:00| confirmed|...

4.9AI score0.00088EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.15 views

PT-2026-43445

Pre-auth RCE in FUXA via Logic Bypass Summary A Critical vulnerability chain exists in FUXA v.1.3.0-2706 that allows an unauthenticated remote attacker to achieve Full Remote Code Execution RCE as root. The exploit succeeds even when the platform is configured in its most secure state Secure Mode...

9.3CVSS6.5AI score0.00937EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.11 views

PT-2026-43447

Summary An unauthenticated Remote Code Execution vulnerability exists in FUXA when secureEnabled is set to true. The POST /api/runscript endpoint checks authorization against the stored script's permission by ID, but when test: true is set in the request, it compiles and executes attacker-supplie...

9.3CVSS6.3AI score0.00751EPSS
Exploits0References7
Packet Storm
Packet Storm
added 2026/05/21 12:0 a.m.104 views

📄 FUXA 1.2.9 Remote Code Execution

FUXA versions 1.2.9 and below suffers from an unauthenticated path traversal vulnerability that leads to arbitrary file write that enables remote code execution. Exploit Title: FUXA 1.2.9 - RCE Date: 4/24/2026 Exploit Author: Anthony Cihan Hann1bl3L3ct3r Vendor Homepage:...

9.8CVSS6.2AI score0.02675EPSS
Exploits3
Exploit DB
Exploit DB
added 2026/05/21 12:0 a.m.93 views

FUXA 1.2.9 - RCE

Exploit Title: FUXA 1.2.9 - RCE Date: 4/24/2026 Exploit Author: Anthony Cihan Hann1bl3L3ct3r Vendor Homepage: https://github.com/frangoteam/FUXA Version: Arbitrary File Write - RCE Affected: FUXA makes Node's path.resolve climb out of appDir to anywhere the FUXA process can write. fullPath/fileNa...

9.8CVSS5.8AI score0.02675EPSS
Exploits3
GithubExploit
GithubExploit
added 2026/05/04 1:17 a.m.97 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Frangoteam Fuxa

CVE-2025-69985: Exploit para Autenticación Bypass a RCE en FUX...

9.8CVSS5.8AI score0.05633EPSS
Exploits7
GithubExploit
GithubExploit
added 2026/05/02 12:40 p.m.138 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Frangoteam Fuxa

CVE-2025-69985: FUXA ≤ 1.2.8 Authentication Bypass + RCE Explo...

9.8CVSS6.4AI score0.05633EPSS
Exploits7
Exploit DB
Exploit DB
added 2026/04/30 12:0 a.m.94 views

FUXA 1.2.8 - Authentication Bypass + RCE Exploit

Exploit Title: FUXA 1.2.8 - Authentication Bypass + RCE Exploit Date: 2026-02-25 Exploit Author: Joshua van der Poll https://github.com/joshuavanderpoll/ Software Link: https://github.com/frangoteam/FUXA/tree/v1.2.8 Vendor Homepage: https://github.com/frangoteam/FUXA Version: FUXA 1.2.8. Do not u...

9.8CVSS5.2AI score0.05633EPSS
Exploits7
Rows per page
Query Builder