Package impact

npm / fuxa-server

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2026-47717	high	—	8.0	18h ago	FUXA's Unauthenticated Project Data Disclosure Exposes Server-Side Scripts and Device Configurations
CVE-2026-43947	high	—	8.0	2d ago	FUXA Vulnerable to Unauthenticated Remote Code Execution via Script Test Mode Authorization Bypass
CVE-2026-43946	high	—	8.0	2d ago	FUXA has an unauthenticated arbitrary tag value disclosure via /api/getTagValue
CVE-2025-69971	high	—	8.0	4mo ago	FUXA has a hardcoded fallback JWT signing secret
CVE-2026-25951	unknown	—	—	4mo ago	FUXA Affected by a Path Traversal Sanitization Bypass
CVE-2026-25939	unknown	—	—	4mo ago	FUXA Unauthenticated Remote Arbitrary Scheduler Write
CVE-2026-25938	unknown	—	—	4mo ago	FUXA Unauthenticated Remote Code Execution in Node-RED Integration
CVE-2026-25752	unknown	—	—	4mo ago	FUXA Unauthenticated Remote Arbitrary Device Tag Write
CVE-2026-25895	unknown	—	—	4mo ago	FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API
CVE-2026-25894	unknown	—	—	4mo ago	FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration
CVE-2026-25751	unknown	—	—	4mo ago	FUXA Unauthenticated Exposure of Plaintext Database Credentials
CVE-2026-25893	unknown	—	—	4mo ago	FUXA Unauthenticated Remote Code Execution via Admin JWT Minting
CVE-2025-69983	unknown	—	—	4mo ago	FUXA allows Remote Code Execution (RCE) via the project import functionality.
CVE-2025-69981	unknown	—	—	4mo ago	FUXA contains an Unrestricted File Upload vulnerability
CVE-2025-69970	unknown	—	—	4mo ago	FUXA contains an insecure default configuration vulnerability
CVE-2023-31717	unknown	—	—	3y ago	FUXA SQL Injection vulnerability
CVE-2023-31719	unknown	—	—	3y ago	FUXA SQL Injection vulnerability
CVE-2023-31718	unknown	—	—	3y ago	FUXA local file inclusion vulnerability