npm

fuxa-server

22 Total advisories
22 Vulnerabilities
0 Malware

Vulnerabilities

HIGH 8.2
npm

CVE-2026-47719

FUXA: Unauthenticated SSRF via Socket.IO DEVICE_WEBAPI_REQUEST and DEVICE_PROPERTY with response reading

MEDIUM 6.3
npm

CVE-2026-47721

FUXA's scheduler API missing admin check enables operator-to-admin escalation via scheduled device actions

MEDIUM 5.3
npm

CVE-2026-47720

FUXA has SQL Injection in its TDengine DAQ connector via backslash bypass of escapeTdString

UNKNOWN
npm

CVE-2026-47718

FUXA provides guest and invalid-token access to protected read APIs in secure mode

HIGH 7.5
npm

CVE-2026-47717

FUXA's Unauthenticated Project Data Disclosure Exposes Server-Side Scripts and Device Configurations

UNKNOWN
npm

CVE-2026-43947

FUXA Vulnerable to Unauthenticated Remote Code Execution via Script Test Mode Authorization Bypass

UNKNOWN
npm

CVE-2026-43946

FUXA has an unauthenticated arbitrary tag value disclosure via /api/getTagValue

UNKNOWN
npm

CVE-2025-69971

Duplicate Advisory: FUXA contains a hard-coded credential vulnerability

UNKNOWN
npm

CVE-2026-25895

FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API

UNKNOWN
npm

CVE-2026-25951

FUXA Affected by a Path Traversal Sanitization Bypass

CRITICAL 9.8
npm

CVE-2025-69983

FUXA allows Remote Code Execution (RCE) via the project import functionality.

UNKNOWN
npm

CVE-2025-69981

FUXA contains an Unrestricted File Upload vulnerability

UNKNOWN
npm

CVE-2026-25893

FUXA Unauthenticated Remote Code Execution via Admin JWT Minting

UNKNOWN
npm

CVE-2026-25939

FUXA Unauthenticated Remote Arbitrary Scheduler Write

UNKNOWN
npm

CVE-2026-25938

FUXA Unauthenticated Remote Code Execution in Node-RED Integration

UNKNOWN
npm

CVE-2026-25894

FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration

UNKNOWN
npm

CVE-2025-69970

FUXA contains an insecure default configuration vulnerability

UNKNOWN
npm

CVE-2026-25751

FUXA Unauthenticated Exposure of Plaintext Database Credentials

UNKNOWN
npm

CVE-2026-25752

FUXA Unauthenticated Remote Arbitrary Device Tag Write

CRITICAL 9.8
npm

CVE-2023-31719

FUXA SQL Injection vulnerability

HIGH 7.5
npm

CVE-2023-31718

FUXA local file inclusion vulnerability

HIGH 7.5
npm

CVE-2023-31717

FUXA SQL Injection vulnerability
