npm / fuxa-server

FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration

Modified: 2/10/2026

FUXA allows Remote Code Execution (RCE) via the project import functionality.

Modified: 2/11/2026

FUXA Affected by a Path Traversal Sanitization Bypass

Modified: 2/22/2026

FUXA contains an Unrestricted File Upload vulnerability

Modified: 2/10/2026

FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API

Modified: 2/22/2026

FUXA Unauthenticated Exposure of Plaintext Database Credentials

Modified: 2/6/2026

FUXA Unauthenticated Remote Arbitrary Scheduler Write

Modified: 2/10/2026

FUXA has an unauthenticated arbitrary tag value disclosure via /api/getTagValue

Modified: 5/26/2026

FUXA Unauthenticated Remote Arbitrary Device Tag Write

Modified: 2/6/2026

FUXA SQL Injection vulnerability

Modified: 11/8/2023

FUXA contains an insecure default configuration vulnerability

Modified: 2/10/2026

FUXA Vulnerable to Unauthenticated Remote Code Execution via Script Test Mode Authorization Bypass

Modified: 5/27/2026

FUXA Unauthenticated Remote Code Execution in Node-RED Integration

Modified: 2/10/2026

FUXA SQL Injection vulnerability

Modified: 11/8/2023

FUXA Unauthenticated Remote Code Execution via Admin JWT Minting

Modified: 2/10/2026

FUXA local file inclusion vulnerability

Modified: 11/8/2023