Filtered by vendor Frangoteam
Filtered by product Fuxa
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2025-69971 | 1 Frangoteam | 1 Fuxa | 2026-02-04 | N/A | FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access. |
| CVE-2025-69983 | 1 Frangoteam | 1 Fuxa | 2026-02-04 | N/A | FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise. |
| CVE-2025-69970 | 1 Frangoteam | 1 Fuxa | 2026-02-04 | N/A | FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API endpoints, modify projects, and control industrial equipment immediately after installation. |
| CVE-2023-33831 | 1 Frangoteam | 1 Fuxa | 2024-11-21 | 9.8 Critical | A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request. |
| CVE-2023-31719 | 1 Frangoteam | 1 Fuxa | 2024-11-21 | 9.8 Critical | FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin. |
| CVE-2023-31718 | 1 Frangoteam | 1 Fuxa | 2024-11-21 | 7.5 High | FUXA <= 1.1.12 is vulnerable to Local File Inclusion via /api/download. |
| CVE-2023-31717 | 1 Frangoteam | 1 Fuxa | 2024-11-21 | 7.5 High | A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database. |
| CVE-2023-31716 | 1 Frangoteam | 1 Fuxa | 2024-11-21 | 7.5 High | FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log |
| CVE-2021-45851 | 1 Frangoteam | 1 Fuxa | 2024-11-21 | 7.5 High | A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server. |