Node RED Dashboard <2.26.2 - Local File Inclusion

NodeRED-Dashboard before 2.26.2 is vulnerable to local file inclusion because it allows uibase/js/..%2f directory traversal to read files. id: CVE-2021-3223 info: name: Node RED Dashboard 2.26.2 - Local File Inclusion author: gy741,pikpikcu severity: high description: NodeRED-Dashboard before...

FUXA Vulnerable to Pre-auth RCE via Path Manipulation & Configuration Injection

Pre-auth RCE in FUXA via Logic Bypass Summary A Critical vulnerability chain exists in FUXA v.1.3.0-2706 that allows an unauthenticated remote attacker to achieve Full Remote Code Execution RCE as root. The exploit succeeds even when the platform is configured in its most secure state Secure Mode...

GHSA-P69W-MMFV-XRFJ FUXA Vulnerable to Pre-auth RCE via Path Manipulation & Configuration Injection

Pre-auth RCE in FUXA via Logic Bypass Summary A Critical vulnerability chain exists in FUXA v.1.3.0-2706 that allows an unauthenticated remote attacker to achieve Full Remote Code Execution RCE as root. The exploit succeeds even when the platform is configured in its most secure state Secure Mode...

PT-2026-43445

Pre-auth RCE in FUXA via Logic Bypass Summary A Critical vulnerability chain exists in FUXA v.1.3.0-2706 that allows an unauthenticated remote attacker to achieve Full Remote Code Execution RCE as root. The exploit succeeds even when the platform is configured in its most secure state Secure Mode...

Malicious Package

Overview node-red-contrib-yolo-object-detection is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

Malicious code in node-red-contrib-yolo-object-detection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f37c68b0e146f969ed875753302026894ce41d379d736a1856b9e12a8c1a4479 The package node-red-contrib-yolo-object-detection was found to contain malicious code. Source: ghsa-malware...

MAL-2026-2845 Malicious code in node-red-contrib-yolo-object-detection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f37c68b0e146f969ed875753302026894ce41d379d736a1856b9e12a8c1a4479 The package node-red-contrib-yolo-object-detection was found to contain malicious code. Source: ghsa-malware...

CVE-2026-25938

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

Missing Authentication for Critical Function

Overview @frangoteam/fuxa is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the /nodered/flows endpoint when the Node-RED plugin is enabled. An attacker can gain administrative acce...

FUXA Unauthenticated Remote Code Execution in Node-RED Integration

Summary Description An authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This affects FUXA version 1.2.8 through version 1.2.10. This has been patched in FUXA version 1.2.11. Impact...

Missing Authentication for Critical Function

Overview fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the /nodered/flows endpoint when the Node-RED plugin is enabled. An attacker can gain administrative access an...

GHSA-V4P5-W6R3-2X4F FUXA Unauthenticated Remote Code Execution in Node-RED Integration

Summary Description An authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This affects FUXA version 1.2.8 through version 1.2.10. This has been patched in FUXA version 1.2.11. Impact...

CVE-2026-25938

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

CVE-2026-25938 FUXA Unauthenticated Remote Code Execution in Node-RED Integration

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

CVE-2026-25938

CVE-2026-25938 affects FUXA (web-based Process Visualization) versions 1.2.8–1.2.10. A vulnerability in the Node-RED plugin allows an unauthenticated attacker to bypass authentication and execute arbitrary code on the server. The issue has been fixed in version 1.2.11. The CVSS v4.0 base score is...

CVE-2026-25938

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

CVE-2026-25938 FUXA Unauthenticated Remote Code Execution in Node-RED Integration

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

CVE-2026-25938 FUXA Unauthenticated Remote Code Execution in Node-RED Integration

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

Authentication Bypass

FUXA-server is vulnerable to an Authentication Bypass. The vulnerability is due to improper authentication enforcement when the Node-RED plugin is enabled, which allows an unauthenticated remote attacker to execute arbitrary code on the server...

FUXA 访问控制错误漏洞

FUXA is a web-based process visualization software developed by frangoteam. Versions 1.2.8 to 1.2.10 of FUXA contain an access control vulnerability. This vulnerability stems from an authentication bypass when the Node-RED plugin is enabled, allowing unverified remote attackers to execute arbitra...