unocelli

3 exploits Active since Feb 2026
CVE-2026-25893 WRITEUP CRITICAL WRITEUP
Frangoteam Fuxa < 1.2.10 - Improper Authorization
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to gain administrative access via the heartbeat refresh API and execute arbitrary code on the server. This issue has been patched in FUXA version 1.2.10.
CVSS 9.8
CVE-2026-25894 WRITEUP CRITICAL WRITEUP
FUXA <1.2.9 - RCE
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is enabled, but the administrator JWT secret is not configured. This issue has been patched in FUXA version 1.2.10.
CVSS 9.8
CVE-2026-25895 WRITEUP CRITICAL WRITEUP
Frangoteam Fuxa < 1.2.10 - Path Traversal
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. A path traversal vulnerability in FUXA allows an unauthenticated, remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.
CVSS 9.8