VulnCheck KEV: CVE-2025-69985

FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution RCE. The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate internal requests. A remote unauthenticated attacker can...

PT-2026-7182

Name of the Vulnerable Software and Affected Versions FUXA versions 1.2.8 through 1.2.10 Description FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authentication bypass in FUXA allows a remote attacker to execute arbitrary code on the server when the Node-RED plugin i...