fuxa-server
js · fuxa-serverHeads-up
fuxa-server: SQL injection in TDengine DAQ storage connector
The TDengine DAQ storage connector's escapeTdString function doubles single quotes but does not escape backslashes, allowing SQL i
09 Jun 2026 · schedule it
js · fuxa-serverHeads-up
fuxa-server: Scheduler API missing admin permission checks fixed in 1.3.2
The Scheduler API did not enforce administrator permissions, allowing non-admin users to create or modify scheduled actions that e
09 Jun 2026 · schedule it
js · fuxa-serverCritical
FUXA Server Missing Authorization in Socket.IO Handlers Leading to SSRF
Two Socket.IO event handlers (DEVICE_PROPERTY and DEVICE_WEBAPI_REQUEST) in server/runtime/index.js lack authorization checks, all
09 Jun 2026 · act now