
frangoteam fuxa

19 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-69985
<= 1.2.8
FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exi
9.8 CRITICAL
CVE-2026-25951
< 1.2.11
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.11, there is a flaw in the path sanitizatio
7.2 HIGH
CVE-2026-25939
>= 1.2.8 and < 1.2.11
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through version 1.2.10, an authorization byp
9.1 CRITICAL
CVE-2026-25938
>= 1.2.8 and < 1.2.11
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through 1.2.10, an authentication bypass vuln
9.8 CRITICAL
CVE-2026-25895
< 1.2.10
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. A path traversal vulnerability in FUXA allows an unauthe
9.8 CRITICAL
CVE-2026-25894
< 1.2.10
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unau
9.8 CRITICAL
CVE-2026-25893
< 1.2.10
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.10, an authentication bypass vulnerability
9.8 CRITICAL
CVE-2026-25752
< 1.2.10
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An authorization bypass vulnerability in FUXA allows an
9.1 CRITICAL
CVE-2026-25751
< 1.2.10
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows a
7.5 HIGH
CVE-2025-69983
all versions
FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or
9.8 CRITICAL
CVE-2025-69981
all versions
FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authenticatio
9.8 CRITICAL
CVE-2025-69971
all versions
FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret k
9.8 CRITICAL
CVE-2025-69970
all versions
FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is co
9.3 CRITICAL
CVE-2023-31719
<= 1.1.12
FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.
9.8 CRITICAL
CVE-2023-31718
<= 1.1.12
FUXA <= 1.1.12 is vulnerable to Local File Inclusion via /api/download.
7.5 HIGH
CVE-2023-31717
<= 1.1.12
A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database.
7.5 HIGH
CVE-2023-31716
<= 1.1.12
FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log
7.5 HIGH
CVE-2023-33831
all versions
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary
9.8 CRITICAL
CVE-2021-45851
all versions
A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information fro
7.5 HIGH
threatengine.sh