Frangoteam Fuxa

19 CVEs affecting Frangoteam Fuxa. Latest disclosed: 2026-02-24. Critical: 13, High: 6.

Top CVEs affecting Frangoteam Fuxa
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2025-69985 | Critical | 9.8 | 2026-02-24 | FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-hel… |
| CVE-2026-25938 | Critical | 9.8 | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an u… |
| CVE-2026-25895 | Critical | 9.8 | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. A path traversal vulnerability in FUXA allows an unauthenticated, remote attacker to… |
| CVE-2026-25894 | Critical | 9.8 | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker… |
| CVE-2026-25893 | Critical | 9.8 | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthentic… |
| CVE-2025-69983 | Critical | 9.8 | 2026-02-03 | FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied script… |
| CVE-2025-69981 | Critical | 9.8 | 2026-02-03 | FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the `/api/upload` API endpoint. The endpoint lacks authentication mechanisms, allowing unauth… |
| CVE-2025-69971 | Critical | 9.8 | 2026-02-03 | FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tok… |
| CVE-2023-31719 | Critical | 9.8 | 2023-09-22 | FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin. |
| CVE-2023-33831 | Critical | 9.8 | 2023-09-18 | A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST… |
| CVE-2025-69970 | Critical | 9.3 | 2026-02-03 | FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causi… |
| CVE-2026-25939 | Critical | 9.1 | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through version 1.2.10, an authorization bypass vulnerability in the FUXA… |
| CVE-2026-25752 | Critical | 9.1 | 2026-02-06 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attac… |
| CVE-2026-25751 | High | 7.5 | 2026-02-06 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote att… |
| CVE-2023-31718 | High | 7.5 | 2023-09-22 | FUXA <= 1.1.12 is vulnerable to Local File Inclusion via /api/download. |
| CVE-2023-31717 | High | 7.5 | 2023-09-22 | A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database. |
| CVE-2023-31716 | High | 7.5 | 2023-09-22 | FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log |
| CVE-2021-45851 | High | 7.5 | 2022-03-16 | A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal envir… |
| CVE-2026-25951 | High | 7.2 | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.11, a flaw in the path sanitization logic allows an authenticat… |