246 matches found
CVE-2025-69983
FUXA v1.2.7 allows Remote Code Execution RCE via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...
FUXA allows Remote Code Execution (RCE) via the project import functionality.
FUXA v1.2.7 allows Remote Code Execution RCE via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...
GHSA-5R63-Q8HG-P8QX FUXA allows Remote Code Execution (RCE) via the project import functionality.
FUXA v1.2.7 allows Remote Code Execution RCE via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...
CVE-2025-69983
FUXA v1.2.7 allows Remote Code Execution RCE via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...
CVE-2025-69983
CVE-2025-69983 (FUXA v1.2.7) is a Remote Code Execution vulnerability exposed via the project import functionality. The issue arises because user-supplied scripts within imported project files are not properly sanitized or sandboxed, enabling an attacker to upload a malicious project that could e...
PT-2026-5981
Name of the Vulnerable Software and Affected Versions FUXA version 1.2.7 Description FUXA version 1.2.7 contains a Remote Code Execution RCE issue through the project import functionality. The application fails to properly sanitize or sandbox user-supplied scripts within imported project files. A...
CVE-2025-69983
FUXA v1.2.7 allows Remote Code Execution RCE via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...
FUXA 安全漏洞
FUXA is a web-based process visualization software developed by frangoteam. Version 1.2.7 of FUXA contains a security vulnerability. This vulnerability stems from the project import function not properly cleaning or sandboxing the scripts provided by users. As a result, remote code execution may...
PT-2026-6372
FUXA v1.2.7 allows Remote Code Execution RCE via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...
EUVD-2025-206715
FUXA v1.2.7 allows Remote Code Execution RCE via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...
CVE-2025-69983
FUXA v1.2.7 allows Remote Code Execution RCE via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...
CVE-2025-69983
FUXA v1.2.7 allows Remote Code Execution RCE via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...
CVE-2020-10956
GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature...
CVE-2023-29502
Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path...
CVE-2025-60786
A Zip Slip vulnerability in the import a Project component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via uploading a crafted Zip file...
CVE-2025-60786
A Zip Slip vulnerability in the import a Project component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via uploading a crafted Zip file...
PT-2025-51249
A Zip Slip vulnerability in the import a Project component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via uploading a crafted Zip file...
CVE-2025-13791
A vulnerability was identified in Scada-LTS up to 2.7.8.1. Affected is the function Common.getHomeDir of the file br/org/scadabr/vo/exporter/ZIPProjectManager.java of the component Project Import. Such manipulation leads to path traversal. The attack may be launched remotely. The exploit is...
CVE-2025-13791
A vulnerability was identified in Scada-LTS up to 2.7.8.1. Affected is the function Common.getHomeDir of the file br/org/scadabr/vo/exporter/ZIPProjectManager.java of the component Project Import. Such manipulation leads to path traversal. The attack may be launched remotely. The exploit is...
CVE-2025-13791
The CVE-2025-13791 issue affects Scada-LTS up to version 2.7.8.1, specifically the Common.getHomeDir function in br/org/scadabr/vo/exporter/ZIPProjectManager.java of the Project Import component. The vulnerability enables path traversal, with the attack potentially executable remotely. Public exp...