8 matches found

CVE
added yesterday, 8 views

CVE-2026-13207

FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by...

8.7 CVSS, 5.8 AI score
Exploits 0, References 3
Nuclei
added yesterday, 90 views

FUXA - Unauthenticated Remote Code Execution

A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request. id: CVE-2023-33831 info: name: FUXA - Unauthenticated Remote Code Execution author: gy741 severity: critical description: | A remot...

9.8 CVSS, 7.7 AI score, 0.13746 EPSS
Exploits 3, References 4
Nuclei
added 3 days ago, 11 views

FUXA <= 1.2.7 - Hardcoded JWT Secret Authentication Bypass

FUXA v1.2.7 contains a hardcoded credentials vulnerability caused by the use of a hard-coded secret key in server/api/jwt-helper.js, letting remote attackers forge admin tokens and bypass authentication; exploitation requires no special conditions. id: CVE-2025-69971 info: name: FUXA = 1.2.7 - Hardcoded J...

9.8 CVSS, 5.8 AI score, 0.02036 EPSS
Exploits 0, References 3
GithubExploit
added 2026/04/24 9:26 p.m., 183 views

Exploit for Missing Authentication for Critical Function in Frangoteam Fuxa

CVE-2026-25895 — FUXA for code execution within 60 seconds...

9.8 CVSS, 6.3 AI score, 0.02675 EPSS
Exploits 3
Snyk
added 2026/03/07 2:31 a.m., 5 views

Use of Hard-coded Cryptographic Key

Overview: @frangoteam/fuxa is a Web-based Process Visualization SCADA/HMI/Dashboard software. Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the authentication process when a static fallback JWT signing secret is used if no custom secret is configured. An...

7.6 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/02/10 12:29 a.m., 3 views

Directory Traversal

Overview: @frangoteam/fuxa is a Web-based Process Visualization SCADA/HMI/Dashboard software. Affected versions of this package are vulnerable to Directory Traversal due to the improper sanitization of nested traversal sequences, e.g., ....//, in multiple API endpoints. An attacker can gain full syst...

8.6 CVSS, 6.6 AI score, 0.01216 EPSS
Exploits 0, References 2
GithubExploit
added 2024/09/13 8:25 p.m., 308 views

Exploit for Command Injection in Frangoteam Fuxa

exploitCVE-2023-33831 CVE-2023-33831 Installation ba...

9.8 CVSS, 9.7 AI score, 0.13746 EPSS
Exploits 3
GithubExploit
added 2023/09/03 7:25 p.m., 471 views

Exploit for Command Injection in Frangoteam Fuxa

Unauthenticated RCE FUXA CVE-2023-33831 The vulnerability affe...

9.8 CVSS, 9.6 AI score, 0.13746 EPSS
Exploits 3