5 matches found

CVE
added yesterday, 4 views

CVE-2026-48776 LangGraph SDK has unsafe URL path construction

LangGraph Python SDK (versions ≤ 0.3.14) has unsafe URL path construction due to unsanitized caller-supplied identifiers in HTTP request paths, which could address the wrong resource or resource type. Impact: potential unintended access, modification, or deletion of resources beyond the caller's ...

CVSS 4.2 | AI score 5.2 | EPSS 0.00024
Exploits: 0 | References: 2
RedhatCVE
added 2026/03/26 2:59 p.m., 6 views

CVE-2026-28673

xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the standard plugin system allows admins to upload a ZIP file containing a binary and a manifest.json. The server trusts the binaries field in the manifest and execute...

CVSS 7.2 | AI score 5.9 | EPSS 0.0059
Exploits: 1 | References: 1
Cvelist
added 2026/03/18 12:41 a.m., 23 views

CVE-2026-28673 xiaoheiFS Vulnerable to RCE via Unrestricted Plugin Installation (Manifest Manipulation)

xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the standard plugin system allows admins to upload a ZIP file containing a binary and a manifest.json. The server trusts the binaries field in the manifest and execute...

CVSS 7.2 | EPSS 0.0059
Exploits: 1 | References: 1
CVE
added 2026/03/18 12:41 a.m., 3 views

CVE-2026-28673

xiaoheiFS (self-hosted financial/operational system) versions ≤ 0.3.15 are vulnerable through the standard plugin system. An attacker can upload a ZIP containing a binary and a manifest.json; the server trusts the binaries field in the manifest and executes the specified file without validating i...

CVSS 7.2 | AI score 5.9 | EPSS 0.0059
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2024/08/05 12:0 a.m., 3 views

Zexeron ZWX-2000CSW2-HN security vulnerability

The Zexeron ZWX-2000CSW2-HN is a high-speed coaxial modem from Zexeron Japan. A security vulnerability exists in the Zexeron ZWX-2000CSW2-HN prior to version 0.3.15. It stems from incorrect privilege assignment for critical resources, which could allow a network-adjacent...

CVSS 8 | AI score 7.7 | EPSS 0.00238
Exploits: 0 | References: 3