CVE ID : CVE-2026-0488 Published : Feb. 10, 2026, 3:01 a.m. | 58 minutes ago Description : An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in…
CVE-2026-25951 – FUXA has a Path Traversal Sanitization Bypass
CVE ID : CVE-2026-25951 Published : Feb. 9, 2026, 11:16 p.m. | 44 minutes ago Description : FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.11, there is a flaw in…
CVE-2026-25939 – FUXA Unauthenticated Remote Arbitrary Scheduler Write
CVE ID : CVE-2026-25939 Published : Feb. 9, 2026, 11:16 p.m. | 44 minutes ago Description : FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through version 1.2.10, an authorization bypass…
CVE-2026-25938 – FUXA Unauthenticated Remote Code Execution in Node-RED Integration
CVE ID : CVE-2026-25938 Published : Feb. 9, 2026, 11:16 p.m. | 44 minutes ago Description : FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability…
CVE-2026-25895 – FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API
CVE ID : CVE-2026-25895 Published : Feb. 9, 2026, 11:16 p.m. | 44 minutes ago Description : FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. A path traversal vulnerability in FUXA allows an…
CVE-2026-25894 – FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration
CVE ID : CVE-2026-25894 Published : Feb. 9, 2026, 11:16 p.m. | 44 minutes ago Description : FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an…
CVE-2026-25761 – Command injection via crafted filenames in Super-linter Action
CVE ID : CVE-2026-25761 Published : Feb. 9, 2026, 9:15 p.m. | 44 minutes ago Description : Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From…
CVE-2026-25498 – Craft has a potential authenticated Remote Code Execution via malicious attached Behavior
CVE ID : CVE-2026-25498 Published : Feb. 9, 2026, 8:15 p.m. | 1 hour, 44 minutes ago Description : Craft is a platform for creating digital experiences. In versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1…
CVE-2026-25497 – Craft has a GraphQL Asset Mutation Privilege Escalation
CVE ID : CVE-2026-25497 Published : Feb. 9, 2026, 8:15 p.m. | 1 hour, 44 minutes ago Description : Craft is a platform for creating digital experiences. In Craft versions from 4.0.0-RC1 to before…
CVE-2026-25495 – Craft has a SQL Injection in Element Indexes via criteria[orderBy]
CVE ID : CVE-2026-25495 Published : Feb. 9, 2026, 8:15 p.m. | 1 hour, 44 minutes ago Description : Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and…