Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
β€’added 2026/02/10 12:27 a.m.β€’18 views

FUXA Unauthenticated Remote Code Execution in Node-RED Integration

Summary Description An authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This affects FUXA version 1.2.8 through version 1.2.10. This has been patched in FUXA version 1.2.11. Impact...

9.8CVSS6.3AI score0.00977EPSS
Exploits0References5Affected Software1
CVE
CVE
β€’added 2026/02/09 10:21 p.m.β€’23 views

CVE-2026-25939

Summary : FUXA is a web-based SCADA/HMI/dashboard. From v1.2.8 to v1.2.10, an authorization bypass allows an unauthenticated, remote attacker to create/modify arbitrary schedulers via the REST endpoint (notably POST/DELETE /api/scheduler), exposing connected ICS/SCADA environments to follow-on ac...

9.3CVSS5.7AI score0.12047EPSS
In wildExploits1References3Affected Software1
Vulnrichment
Vulnrichment
β€’added 2026/02/09 10:18 p.m.β€’2 views

CVE-2026-25938 FUXA Unauthenticated Remote Code Execution in Node-RED Integration

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

9.5CVSS6.2AI score0.00977EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
β€’added 2026/02/09 10:18 p.m.β€’2 views

CVE-2026-25938

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

9.5CVSS6.2AI score0.00977EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder