CVE ID : CVE-2026-25939 Published : Feb. 9, 2026, 11:16 p.m. | 44 minutes ago Description : FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through version 1.2.10, an authorization bypass…
CVE-2026-25938 – FUXA Unauthenticated Remote Code Execution in Node-RED Integration
CVE ID : CVE-2026-25938 Published : Feb. 9, 2026, 11:16 p.m. | 44 minutes ago Description : FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability…
CVE-2026-25895 – FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API
CVE ID : CVE-2026-25895 Published : Feb. 9, 2026, 11:16 p.m. | 44 minutes ago Description : FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. A path traversal vulnerability in FUXA allows an…
CVE-2026-25894 – FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration
CVE ID : CVE-2026-25894 Published : Feb. 9, 2026, 11:16 p.m. | 44 minutes ago Description : FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an…
CVE-2026-25761 – Command injection via crafted filenames in Super-linter Action
CVE ID : CVE-2026-25761 Published : Feb. 9, 2026, 9:15 p.m. | 44 minutes ago Description : Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From…
CVE-2026-25498 – Craft has a potential authenticated Remote Code Execution via malicious attached Behavior
CVE ID : CVE-2026-25498 Published : Feb. 9, 2026, 8:15 p.m. | 1 hour, 44 minutes ago Description : Craft is a platform for creating digital experiences. In versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1…
CVE-2026-25497 – Craft has a GraphQL Asset Mutation Privilege Escalation
CVE ID : CVE-2026-25497 Published : Feb. 9, 2026, 8:15 p.m. | 1 hour, 44 minutes ago Description : Craft is a platform for creating digital experiences. In Craft versions from 4.0.0-RC1 to before…
CVE-2026-25495 – Craft has a SQL Injection in Element Indexes via criteria[orderBy]
CVE ID : CVE-2026-25495 Published : Feb. 9, 2026, 8:15 p.m. | 1 hour, 44 minutes ago Description : Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and…
CVE-2026-25057 – Zip Slip in MarkUs config upload allowing RCE
CVE ID : CVE-2026-25057 Published : Feb. 9, 2026, 8:15 p.m. | 1 hour, 44 minutes ago Description : MarkUs is a web application for the submission and grading of student assignments. Prior to…
CVE-2026-24684 – FreeRDP has a Heap-use-after-free in play_thread
CVE ID : CVE-2026-24684 Published : Feb. 9, 2026, 7:15 p.m. | 44 minutes ago Description : FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async…