Every CVE whose affected-product data names Frangoteam Fuxa, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2025-69985 — CVSS 9.8 (critical): FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in…
CVE-2026-25894 — CVSS 9.8 (critical): FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an…
CVE-2026-25895 — CVSS 9.8 (critical): FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. A path traversal vulnerability in FUXA allows an unauthenticated…
CVE-2026-25938 — CVSS 9.8 (critical): FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability…
CVE-2023-33831 — CVSS 9.8 (critical): A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands…
CVE-2026-25893 — CVSS 9.8 (critical): FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.10, an authentication bypass vulnerability in FUXA…
CVE-2025-69971 — CVSS 9.8 (critical): FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to…
CVE-2025-69981 — CVSS 9.8 (critical): FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the `/api/upload` API endpoint. The endpoint lacks authentication…
CVE-2025-69983 — CVSS 9.8 (critical): FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox…
CVE-2025-69970 — CVSS 9.3 (critical): FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented…
CVE-2026-25939 — CVSS 9.1 (critical): FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through version 1.2.10, an authorization bypass…
CVE-2026-25752 — CVSS 9.1 (critical): FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An authorization bypass vulnerability in FUXA allows an…
CVE-2021-45851 — CVSS 7.5 (high): A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the…
CVE-2026-25751 — CVSS 7.5 (high): FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an…
CVE-2026-25951 — CVSS 7.2 (high): FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.11, there is a flaw in the path sanitization logic…