All 8 CVE vulnerabilities found in FUXA, with AI-generated Chinese analysis, references, and POCs.
Vendor: frangoteam
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25895 | FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API CWE-22 | 7.5AI | HighAI | 2026-02-09 |
| CVE-2026-25894 | FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration CWE-321 | 9.8AI | CriticalAI | 2026-02-09 |
| CVE-2026-25893 | FUXA Unauthenticated Remote Code Execution via Admin JWT Minting CWE-285 | 9.8AI | CriticalAI | 2026-02-09 |
| CVE-2026-25951 | FUXA has a Path Traversal Sanitization Bypass CWE-22 | 7.2AI | HighAI | 2026-02-09 |
| CVE-2026-25939 | FUXA Unauthenticated Remote Arbitrary Scheduler Write CWE-862 | 9.3AI | CriticalAI | 2026-02-09 |
| CVE-2026-25938 | FUXA Unauthenticated Remote Code Execution in Node-RED Integration CWE-290 | 9.8AI | CriticalAI | 2026-02-09 |
| CVE-2026-25751 | FUXA Unauthenticated Exposure of Plaintext Database Credentials CWE-306 | 9.8AI | CriticalAI | 2026-02-06 |
| CVE-2026-25752 | FUXA Unauthenticated Remote Arbitrary Device Tag Write CWE-862 | 7.5AI | HighAI | 2026-02-06 |
All 8 known CVE vulnerabilities affecting FUXA with full Chinese analysis, references, and POCs where available.