fuxa-server

FUXA's scheduler API missing admin check enables operator-to-admin escalation via scheduled device actions

FUXA has SQL Injection in its TDengine DAQ connector via backslash bypass of escapeTdString

FUXA Unauthenticated Remote Arbitrary Device Tag Write

FUXA SQL Injection vulnerability

FUXA SQL Injection vulnerability

FUXA Affected by a Path Traversal Sanitization Bypass

FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API

FUXA contains an Unrestricted File Upload vulnerability

FUXA Unauthenticated Remote Arbitrary Scheduler Write

FUXA Unauthenticated Remote Code Execution via Admin JWT Minting

Duplicate Advisory: FUXA contains a hard-coded credential vulnerability

FUXA Unauthenticated Remote Code Execution in Node-RED Integration

FUXA contains an insecure default configuration vulnerability

FUXA: Unauthenticated SSRF via Socket.IO DEVICE_WEBAPI_REQUEST and DEVICE_PROPERTY with response reading

FUXA local file inclusion vulnerability

FUXA Unauthenticated Exposure of Plaintext Database Credentials

FUXA allows Remote Code Execution (RCE) via the project import functionality.

FUXA has an unauthenticated arbitrary tag value disclosure via /api/getTagValue

FUXA Vulnerable to Unauthenticated Remote Code Execution via Script Test Mode Authorization Bypass

FUXA's Unauthenticated Project Data Disclosure Exposes Server-Side Scripts and Device Configurations

FUXA provides guest and invalid-token access to protected read APIs in secure mode