Vendor

Frangoteam

2 briefs RSS

FUXA Unauthenticated Project Data Disclosure Vulnerability

FUXA v1.3.0-2773 is vulnerable to unauthenticated project data disclosure (CVE-2026-47717) via the /api/project endpoint, exposing sensitive configuration data like scripts and device settings, even with security enabled.

FUXA v1.3.0-2773 cve unauthenticated-access data-disclosure ics scada

2r 1t 3w ago

critical advisory

FUXA 1.2.8 Authentication Bypass and Remote Command Execution Vulnerability

2 rules 2 TTPs 1 CVE

FUXA 1.2.8 and earlier is vulnerable to an authentication bypass vulnerability (CVE-2025-69985) that allows remote command execution by exploiting the /api/runscript endpoint with a crafted JavaScript payload.

FUXA authentication-bypass remote-code-execution web-application scada

2r 2t 1c Jan 3, 2024