12 matches found
CVE-2026-58478
Sustainable Irrigation Platform SIP through version 5.2.16 contains a server-side request forgery SSRF vulnerability that allows unauthenticated attackers to make the device issue arbitrary HTTP requests by supplying a malicious callback URL when the optional Node-RED plugin is installed. Attacke...
SIP Sustainable Irrigation Platform 5.x (nr-url) Blind SSRF
Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...
CVE-2026-25938
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...
Missing Authentication for Critical Function
Overview fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the /nodered/flows endpoint when the Node-RED plugin is enabled. An attacker can gain administrative access an...
Missing Authentication for Critical Function
Overview @frangoteam/fuxa is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the /nodered/flows endpoint when the Node-RED plugin is enabled. An attacker can gain administrative acce...
FUXA Unauthenticated Remote Code Execution in Node-RED Integration
Summary Description An authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This affects FUXA version 1.2.8 through version 1.2.10. This has been patched in FUXA version 1.2.11. Impact...
GHSA-V4P5-W6R3-2X4F FUXA Unauthenticated Remote Code Execution in Node-RED Integration
Summary Description An authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This affects FUXA version 1.2.8 through version 1.2.10. This has been patched in FUXA version 1.2.11. Impact...
CVE-2026-25938
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...
CVE-2026-25938
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...
Authentication Bypass
FUXA-server is vulnerable to an Authentication Bypass. The vulnerability is due to improper authentication enforcement when the Node-RED plugin is enabled, which allows an unauthenticated remote attacker to execute arbitrary code on the server...
PT-2026-7182
Name of the Vulnerable Software and Affected Versions FUXA versions 1.2.8 through 1.2.10 Description FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authentication bypass in FUXA allows a remote attacker to execute arbitrary code on the server when the Node-RED plugin i...
FUXA 访问控制错误漏洞
FUXA is a web-based process visualization software developed by frangoteam. Versions 1.2.8 to 1.2.10 of FUXA contain an access control vulnerability. This vulnerability stems from an authentication bypass when the Node-RED plugin is enabled, allowing unverified remote attackers to execute arbitra...