fuxa-server (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package fuxa-server, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (15)
CVE-2026-25894 — CVSS 9.8 (critical): FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an…
CVE-2026-25938 — CVSS 9.8 (critical): FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability…
CVE-2026-25893 — CVSS 9.8 (critical): FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.10, an authentication bypass vulnerability in FUXA…
CVE-2026-25895 — CVSS 9.8 (critical): FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. A path traversal vulnerability in FUXA allows an unauthenticated…
CVE-2025-69971 — CVSS 9.8 (critical): FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to…
CVE-2025-69981 — CVSS 9.8 (critical): FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the `/api/upload` API endpoint. The endpoint lacks authentication…
CVE-2025-69983 — CVSS 9.8 (critical): FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox…
CVE-2025-69970 — CVSS 9.3 (critical): FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented…
CVE-2026-25939 — CVSS 9.1 (critical): FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through version 1.2.10, an authorization bypass…
CVE-2026-25752 — CVSS 9.1 (critical): FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An authorization bypass vulnerability in FUXA allows an…
CVE-2023-31717 — CVSS 7.5 (high): A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database.
CVE-2026-25751 — CVSS 7.5 (high): FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an…
CVE-2026-25951 — CVSS 7.2 (high): FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.11, there is a flaw in the path sanitization logic…