5.1
CVE-2025-15318 - Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools.
Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools.
7.8
CVE-2025-15319 - Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
7.7
CVE-2026-25958 - Cube privilege escalation via a specially crafted request
Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is fixed in 1.5.13, 1.4.2, and 1.0.14.
6.5
CVE-2026-25957 - Cube Denial of Service (DoS) - An authenticated attacker can crash the server by sending a speciallβ¦
Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2.
9.5
CVE-2026-25895 - FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. A path traversal vulnerability in FUXA allows an unauthenticated, remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This affects FUXA through version 1.2.9. This issue has been patched β¦
9.5
CVE-2026-25894 - FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is enablβ¦
10
CVE-2026-25893 - FUXA Unauthenticated Remote Code Execution via Admin JWT Minting
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to gain administrative access via the heartbeat refresh API and execute arbitrary code on the server. This issue has bβ¦
8.6
CVE-2026-25951 - FUXA has a Path Traversal Sanitization Bypass
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.11, there is a flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences (e.g., ....//), anβ¦
9.3
CVE-2026-25939 - FUXA Unauthenticated Remote Arbitrary Scheduler Write
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through version 1.2.10, an authorization bypass vulnerability in the FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, exposing connected ICS/SCADA environments to follow-oβ¦
9.5
CVE-2026-25938 - FUXA Unauthenticated Remote Code Execution in Node-RED Integration
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA vβ¦