
8 matches found

Nuclei
added 18 hours ago | 90 views

FUXA - Unauthenticated Remote Code Execution

A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request. id: CVE-2023-33831 info: name: FUXA - Unauthenticated Remote Code Execution author: gy741 severity: critical description: | A remot...

9.8 CVSS | 7.5 AI score | 0.13746 EPSS
Exploits: 3 | References: 4
Nuclei
added 18 hours ago | 12 views

FUXA <= 1.2.7 - Hardcoded JWT Secret Authentication Bypass

FUXA v1.2.7 contains a hardcoded credentials vulnerability caused by use of a hard-coded secret key in server/api/jwt-helper.js, letting remote attackers forge admin tokens and bypass authentication, exploit requires no special conditions. id: CVE-2025-69971 info: name: FUXA = 1.2.7 - Hardcoded J...

9.8 CVSS | 6 AI score | 0.02036 EPSS
Exploits: 0 | References: 3
CVE
added 5 days ago | 12 views

CVE-2026-13207

The CVE refers to FUXA prior to 1.3.2 with an authentication bypass in the REST API caused by improper normalization of dot-segments in the router. Prefixing paths with dot-segments (e.g., /api/./users, /api/./roles, /api/project/../users) can bypass authentication and expose protected data such ...

8.7 CVSS | 5.8 AI score | 0.00352 EPSS
Exploits: 0 | References: 3
GithubExploit
added 2026/04/24 9:26 p.m. | 197 views

Exploit for Missing Authentication for Critical Function in Frangoteam Fuxa

CVE-2026-25895 — FUXA for code execution within 60 seconds...

9.8 CVSS | 6.3 AI score | 0.02675 EPSS
Exploits: 3
Snyk
added 2026/03/07 2:31 a.m. | 5 views

Use of Hard-coded Cryptographic Key

Overview @frangoteam/fuxa is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the authentication process when a static fallback JWT signing secret is used if no custom secret is configured. An...

7.6 CVSS | 5.8 AI score
Exploits: 0 | References: 2
Snyk
added 2026/02/10 12:29 a.m. | 3 views

Directory Traversal

Overview @frangoteam/fuxa is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Directory Traversal due to the improper sanitization of nested traversal sequences e.g., ....// in multiple API endpoints. An attacker can gain full syst...

8.6 CVSS | 6.6 AI score | 0.01216 EPSS
Exploits: 0 | References: 2
GithubExploit
added 2024/09/13 8:25 p.m. | 311 views

Exploit for Command Injection in Frangoteam Fuxa

exploitCVE-2023-33831 CVE-2023-33831 Installation ba...

9.8 CVSS | 9.7 AI score | 0.13746 EPSS
Exploits: 3
GithubExploit
added 2023/09/03 7:25 p.m. | 480 views

Exploit for Command Injection in Frangoteam Fuxa

Unauthenticated RCE FUXA CVE-2023-33831 The vulnerability affe...

9.8 CVSS | 9.6 AI score | 0.13746 EPSS
Exploits: 3