📦 Fuxa

CVE-2025-69985 is an authentication bypass vulnerability in FUXA SCADA/HMI software that allows remote unauthenticated attackers to execute arbitrary Node.js code on affected servers. The vulnerabilit...

An authentication bypass vulnerability in FUXA web-based SCADA/HMI software allows unauthenticated remote attackers to execute arbitrary code on the server when the Node-RED plugin is enabled. This af...

An authorization bypass vulnerability in FUXA web-based SCADA/HMI software allows unauthenticated remote attackers to create and modify arbitrary schedulers. This affects FUXA versions 1.2.8 through 1...

An authentication bypass vulnerability in FUXA web-based SCADA/HMI software allows unauthenticated remote attackers to gain administrative access via the heartbeat refresh API. This can lead to arbitr...

An insecure default configuration in FUXA web-based SCADA/HMI software allows unauthenticated remote attackers to gain administrative access and execute arbitrary code on the server. This affects FUXA...

CVE-2026-25895 is a path traversal vulnerability in FUXA web-based SCADA/HMI software that allows unauthenticated remote attackers to write arbitrary files anywhere on the server filesystem. This affe...

FUXA v1.2.7 contains a hard-coded JWT secret key that allows attackers to forge valid authentication tokens. This enables complete authentication bypass and administrative access to affected systems. ...

FUXA v1.2.7 has an unauthenticated file upload vulnerability in the /api/upload endpoint that allows remote attackers to upload arbitrary files. This can lead to system compromise through database ove...

CVE-2025-69983 is a critical remote code execution vulnerability in FUXA v1.2.7 that allows attackers to execute arbitrary system commands through malicious project imports. This affects all organizat...

This is an unauthenticated remote command execution vulnerability in FUXA SCADA/HMI software that allows attackers to execute arbitrary commands on affected systems via a crafted POST request to the /...

CVE-2026-25951 is a path traversal vulnerability in FUXA web-based SCADA/HMI software that allows authenticated administrators to bypass directory protections using nested traversal sequences. This en...