CVE Tools

frangoteam

Web & CMS Pluginsunknown

18

Cumulative CVEs

2

Monthly snapshots

#73

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting frangoteam.

CVE-2025-69985FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly tr...9.8Feb 24, 2026
CVE-2026-25895FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API9.8Feb 9, 2026
CVE-2026-25894FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration9.8Feb 9, 2026
CVE-2026-25893FUXA Unauthenticated Remote Code Execution via Admin JWT Minting9.8Feb 9, 2026
CVE-2026-25951FUXA has a Path Traversal Sanitization Bypass7.2Feb 9, 2026
CVE-2026-25939FUXA Unauthenticated Remote Arbitrary Scheduler Write9.1Feb 9, 2026
CVE-2026-25938FUXA Unauthenticated Remote Code Execution in Node-RED Integration9.8Feb 9, 2026
CVE-2026-25751FUXA Unauthenticated Exposure of Plaintext Database Credentials7.5Feb 6, 2026
CVE-2026-25752FUXA Unauthenticated Remote Arbitrary Device Tag Write9.1Feb 6, 2026
CVE-2025-69983FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An at...9.8Feb 3, 2026
CVE-2025-69981FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the `/api/upload` API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload a...9.8Feb 3, 2026
CVE-2025-69971FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to f...9.8Feb 3, 2026
CVE-2025-69970FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with ...9.3Feb 3, 2026
CVE-2023-31719FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.9.8Sep 21, 2023
CVE-2023-31718FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download.7.5Sep 21, 2023