Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/02/04 3:15 a.m.8 views

CVE-2025-69970

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

9.3CVSS5.5AI score0.00463EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/03 6:30 p.m.8 views

FUXA allows Remote Code Execution (RCE) via the project import functionality.

FUXA v1.2.7 allows Remote Code Execution RCE via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...

9.8CVSS5.7AI score0.00416EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/02/03 6:16 p.m.10 views

CVE-2025-69981

FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...

9.8CVSS0.00726EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 12:0 a.m.4 views

CVE-2025-69971

FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...

5.5AI score0.02036EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/03 12:0 a.m.26 views

CVE-2025-69981

FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...

0.00726EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 12:0 a.m.30 views

CVE-2025-69970

CVE-2025-69970 affects FUXA v1.2.7, where an insecure default configuration exists in server/settings.default.js: the secureEnabled flag is commented out, causing authentication to be disabled on startup. This enables unauthenticated remote access to sensitive API endpoints, with capabilities to ...

9.3CVSS5.5AI score0.00463EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder