VYPR

Fuxa

by Frangoteam

CVEs (26)

  • CVE-2026-25751 | Feb 6, 2026
    risk 0.00 | cvss | epss 0.00

    FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthenticated, remote attacker…

  • CVE-2026-25752 | Feb 6, 2026
    risk 0.00 | cvss | epss 0.00

    FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based…

  • CVE-2025-69970 | Feb 3, 2026
    risk 0.00 | cvss | epss 0.00

    FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access…

  • CVE-2025-69971 | Feb 3, 2026
    risk 0.00 | cvss | epss 0.02

    FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative…

  • CVE-2025-69983 | Feb 3, 2026
    risk 0.00 | cvss | epss 0.00

    FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full…

  • CVE-2025-69981 | Feb 3, 2026
    risk 0.00 | cvss | epss 0.01

    FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the `/api/upload` API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files (such as…
