Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/02/10 12:27 a.m.20 views

FUXA Unauthenticated Remote Code Execution in Node-RED Integration

Summary Description An authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This affects FUXA version 1.2.8 through version 1.2.10. This has been patched in FUXA version 1.2.11. Impact...

9.8CVSS6.3AI score0.00977EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/02/09 11:16 p.m.10 views

CVE-2026-25938

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

9.8CVSS0.00977EPSS
Exploits0References3
OSV
OSV
added 2026/02/09 10:21 p.m.6 views

CVE-2026-25939 FUXA Unauthenticated Remote Arbitrary Scheduler Write

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through version 1.2.10, an authorization bypass vulnerability in the FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, exposing connected ICS/SCADA environments to follow-on...

9.3CVSS5.8AI score0.11393EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/09 10:18 p.m.2 views

CVE-2026-25938

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

9.5CVSS6.2AI score0.00977EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder