Lucene search
+L

260 matches found

nuclei
nuclei
added yesterday171 views

Node RED Dashboard <2.26.2 - Local File Inclusion

NodeRED-Dashboard before 2.26.2 is vulnerable to local file inclusion because it allows uibase/js/..%2f directory traversal to read files. id: CVE-2021-3223 info: name: Node RED Dashboard 2.26.2 - Local File Inclusion author: gy741,pikpikcu severity: high description: NodeRED-Dashboard before...

7.5CVSS7AI score0.18512EPSS
Exploits1References5
nvd
nvd
added 2 days ago6 views

CVE-2026-58478

Sustainable Irrigation Platform SIP through version 5.2.16 contains a server-side request forgery SSRF vulnerability that allows unauthenticated attackers to make the device issue arbitrary HTTP requests by supplying a malicious callback URL when the optional Node-RED plugin is installed. Attacke...

6.5CVSS0.00261EPSS
Exploits2References2
cve
cve
added 2 days ago2 views

CVE-2026-58478

SIP 5.2.16 has a server-side request forgery (SSRF) vulnerability when the optional Node-RED plugin is installed. An unauthenticated attacker can supply a malicious callback URL and cause the device to issue arbitrary HTTP requests due to lack of destination validation, aided by the default passp...

6.5CVSS6.2AI score0.00261EPSS
Exploits2References2Affected Software1
cvelist
cvelist
added 2 days ago27 views

CVE-2026-58478 Sustainable Irrigation Platform 5.2.16 SSRF via Node-RED Callback URL

Sustainable Irrigation Platform SIP through version 5.2.16 contains a server-side request forgery SSRF vulnerability that allows unauthenticated attackers to make the device issue arbitrary HTTP requests by supplying a malicious callback URL when the optional Node-RED plugin is installed. Attacke...

6.5CVSS0.00261EPSS
Exploits2References2
zeroscience
zeroscience
added 2 days ago30 views

SIP Sustainable Irrigation Platform 5.x (nr-url) Blind SSRF

Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...

6.5CVSS6.2AI score0.00261EPSS
Exploits2
osv
osv
added 2026/05/26 11:40 p.m.19 views

GHSA-P69W-MMFV-XRFJ FUXA Vulnerable to Pre-auth RCE via Path Manipulation & Configuration Injection

Pre-auth RCE in FUXA via Logic Bypass Summary A Critical vulnerability chain exists in FUXA v.1.3.0-2706 that allows an unauthenticated remote attacker to achieve Full Remote Code Execution RCE as root. The exploit succeeds even when the platform is configured in its most secure state Secure Mode...

9.3CVSS6.5AI score0.00937EPSS
Exploits0References3
github
github
added 2026/05/26 11:40 p.m.19 views

FUXA Vulnerable to Pre-auth RCE via Path Manipulation & Configuration Injection

Pre-auth RCE in FUXA via Logic Bypass Summary A Critical vulnerability chain exists in FUXA v.1.3.0-2706 that allows an unauthenticated remote attacker to achieve Full Remote Code Execution RCE as root. The exploit succeeds even when the platform is configured in its most secure state Secure Mode...

6.5AI score0.00937EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2026/05/26 12:0 a.m.18 views

PT-2026-43445

Pre-auth RCE in FUXA via Logic Bypass Summary A Critical vulnerability chain exists in FUXA v.1.3.0-2706 that allows an unauthenticated remote attacker to achieve Full Remote Code Execution RCE as root. The exploit succeeds even when the platform is configured in its most secure state Secure Mode...

9.3CVSS6.5AI score0.00937EPSS
Exploits0References5
ossf
ossf
added 2026/04/17 11:30 a.m.12 views

Malicious code in node-red-contrib-yolo-object-detection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f37c68b0e146f969ed875753302026894ce41d379d736a1856b9e12a8c1a4479 The package node-red-contrib-yolo-object-detection was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
snyk
snyk
added 2026/04/17 11:30 a.m.6 views

Malicious Package

Overview node-red-contrib-yolo-object-detection is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

9.8CVSS5.7AI score
Exploits0References2
osv
osv
added 2026/04/17 11:30 a.m.5 views

MAL-2026-2845 Malicious code in node-red-contrib-yolo-object-detection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f37c68b0e146f969ed875753302026894ce41d379d736a1856b9e12a8c1a4479 The package node-red-contrib-yolo-object-detection was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
redhatcve
redhatcve
added 2026/02/11 1:33 a.m.7 views

CVE-2026-25938

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

9.8CVSS6.2AI score0.00977EPSS
Exploits0References1
snyk
snyk
added 2026/02/10 12:27 a.m.5 views

Missing Authentication for Critical Function

Overview fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the /nodered/flows endpoint when the Node-RED plugin is enabled. An attacker can gain administrative access an...

9.8CVSS6.2AI score0.00977EPSS
Exploits0References3
snyk
snyk
added 2026/02/10 12:27 a.m.3 views

Missing Authentication for Critical Function

Overview @frangoteam/fuxa is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the /nodered/flows endpoint when the Node-RED plugin is enabled. An attacker can gain administrative acce...

9.8CVSS6.2AI score0.00977EPSS
Exploits0References3
github
github
added 2026/02/10 12:27 a.m.20 views

FUXA Unauthenticated Remote Code Execution in Node-RED Integration

Summary Description An authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This affects FUXA version 1.2.8 through version 1.2.10. This has been patched in FUXA version 1.2.11. Impact...

9.8CVSS6.3AI score0.00977EPSS
Exploits0References5Affected Software1
osv
osv
added 2026/02/10 12:27 a.m.5 views

GHSA-V4P5-W6R3-2X4F FUXA Unauthenticated Remote Code Execution in Node-RED Integration

Summary Description An authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This affects FUXA version 1.2.8 through version 1.2.10. This has been patched in FUXA version 1.2.11. Impact...

9.5CVSS6.3AI score0.00977EPSS
Exploits0References5
nvd
nvd
added 2026/02/09 11:16 p.m.10 views

CVE-2026-25938

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

9.8CVSS0.00977EPSS
Exploits0References3
cvelist
cvelist
added 2026/02/09 10:18 p.m.34 views

CVE-2026-25938 FUXA Unauthenticated Remote Code Execution in Node-RED Integration

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

9.5CVSS0.00977EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/02/09 10:18 p.m.2 views

CVE-2026-25938

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

9.5CVSS6.2AI score0.00977EPSS
Exploits0References4Affected Software1
vulnrichment
vulnrichment
added 2026/02/09 10:18 p.m.2 views

CVE-2026-25938 FUXA Unauthenticated Remote Code Execution in Node-RED Integration

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

9.5CVSS6.2AI score0.00977EPSS
Exploits0References3
Rows per page
Query Builder