Frangoteam Fuxa
19 CVEs affecting Frangoteam Fuxa. Latest disclosed: 2026-02-24. Critical: 13, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-69985 | Critical | 9.8 | 2026-02-24 | FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-hel… |
| CVE-2026-25938 | Critical | 9.8 | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an u… |
| CVE-2026-25895 | Critical | 9.8 | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. A path traversal vulnerability in FUXA allows an unauthenticated, remote attacker to… |
| CVE-2026-25894 | Critical | 9.8 | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker… |
| CVE-2026-25893 | Critical | 9.8 | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthentic… |
| CVE-2025-69983 | Critical | 9.8 | 2026-02-03 | FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied script… |
| CVE-2025-69981 | Critical | 9.8 | 2026-02-03 | FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the `/api/upload` API endpoint. The endpoint lacks authentication mechanisms, allowing unauth… |
| CVE-2025-69971 | Critical | 9.8 | 2026-02-03 | FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tok… |
| CVE-2023-31719 | Critical | 9.8 | 2023-09-22 | FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin. |
| CVE-2023-33831 | Critical | 9.8 | 2023-09-18 | A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST… |
| CVE-2025-69970 | Critical | 9.3 | 2026-02-03 | FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causi… |
| CVE-2026-25939 | Critical | 9.1 | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through version 1.2.10, an authorization bypass vulnerability in the FUXA… |
| CVE-2026-25752 | Critical | 9.1 | 2026-02-06 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attac… |
| CVE-2026-25751 | High | 7.5 | 2026-02-06 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote att… |
| CVE-2023-31718 | High | 7.5 | 2023-09-22 | FUXA <= 1.1.12 is vulnerable to Local File Inclusion via /api/download. |
| CVE-2023-31717 | High | 7.5 | 2023-09-22 | A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database. |
| CVE-2023-31716 | High | 7.5 | 2023-09-22 | FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log |
| CVE-2021-45851 | High | 7.5 | 2022-03-16 | A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal envir… |
| CVE-2026-25951 | High | 7.2 | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.11, a flaw in the path sanitization logic allows an authenticat… |