Lucene search
+L

12 matches found

nvd
nvd
added 2 days ago6 views

CVE-2026-58478

Sustainable Irrigation Platform SIP through version 5.2.16 contains a server-side request forgery SSRF vulnerability that allows unauthenticated attackers to make the device issue arbitrary HTTP requests by supplying a malicious callback URL when the optional Node-RED plugin is installed. Attacke...

6.5CVSS0.00261EPSS
Exploits2References2
zeroscience
zeroscience
added 2 days ago30 views

SIP Sustainable Irrigation Platform 5.x (nr-url) Blind SSRF

Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...

6.5CVSS6.2AI score0.00261EPSS
Exploits2
redhatcve
redhatcve
added 2026/02/11 1:33 a.m.7 views

CVE-2026-25938

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

9.8CVSS6.2AI score0.00977EPSS
Exploits0References1
snyk
snyk
added 2026/02/10 12:27 a.m.5 views

Missing Authentication for Critical Function

Overview fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the /nodered/flows endpoint when the Node-RED plugin is enabled. An attacker can gain administrative access an...

9.8CVSS6.2AI score0.00977EPSS
Exploits0References3
snyk
snyk
added 2026/02/10 12:27 a.m.3 views

Missing Authentication for Critical Function

Overview @frangoteam/fuxa is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the /nodered/flows endpoint when the Node-RED plugin is enabled. An attacker can gain administrative acce...

9.8CVSS6.2AI score0.00977EPSS
Exploits0References3
github
github
added 2026/02/10 12:27 a.m.20 views

FUXA Unauthenticated Remote Code Execution in Node-RED Integration

Summary Description An authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This affects FUXA version 1.2.8 through version 1.2.10. This has been patched in FUXA version 1.2.11. Impact...

9.8CVSS6.3AI score0.00977EPSS
Exploits0References5Affected Software1
osv
osv
added 2026/02/10 12:27 a.m.6 views

GHSA-V4P5-W6R3-2X4F FUXA Unauthenticated Remote Code Execution in Node-RED Integration

Summary Description An authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This affects FUXA version 1.2.8 through version 1.2.10. This has been patched in FUXA version 1.2.11. Impact...

9.5CVSS6.3AI score0.00977EPSS
Exploits0References5
nvd
nvd
added 2026/02/09 11:16 p.m.10 views

CVE-2026-25938

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

9.8CVSS0.00977EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/02/09 10:18 p.m.2 views

CVE-2026-25938

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

9.5CVSS6.2AI score0.00977EPSS
Exploits0References4Affected Software1
veracode
veracode
added 2026/02/09 9:13 p.m.6 views

Authentication Bypass

FUXA-server is vulnerable to an Authentication Bypass. The vulnerability is due to improper authentication enforcement when the Node-RED plugin is enabled, which allows an unauthenticated remote attacker to execute arbitrary code on the server...

9.8CVSS6.3AI score0.00977EPSS
Exploits0References4Affected Software2
ptsecurity
ptsecurity
added 2026/02/09 12:0 a.m.11 views

PT-2026-7182

Name of the Vulnerable Software and Affected Versions FUXA versions 1.2.8 through 1.2.10 Description FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authentication bypass in FUXA allows a remote attacker to execute arbitrary code on the server when the Node-RED plugin i...

9.5CVSS6.6AI score0.00977EPSS
Exploits0References17
cnnvd
cnnvd
added 2026/02/09 12:0 a.m.8 views

FUXA 访问控制错误漏洞

FUXA is a web-based process visualization software developed by frangoteam. Versions 1.2.8 to 1.2.10 of FUXA contain an access control vulnerability. This vulnerability stems from an authentication bypass when the Node-RED plugin is enabled, allowing unverified remote attackers to execute arbitra...

9.8CVSS6.1AI score0.00977EPSS
Exploits0References3
Rows per page
Query Builder