22 matches found
Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid Access Control
Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local...
CVE-2026-20189 Cisco Prime Infrastructure Information Disclosure Vulnerability
A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit...
PT-2026-37656
A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit...
Cisco Prime Infrastructure Security Vulnerability
Cisco Prime Infrastructure is an application software developed by Cisco, Inc. in the United States. It is used to simplify the management of wireless and wired networks. There is a security vulnerability in Cisco Prime Infrastructure, which stems from insufficient authorization checks in the...
CVE-2025-67743
Local Deep Research is an AI-powered research assistant for deep, iterative research. In versions from 1.3.0 to before 1.3.9, the download service (download_service.py) makes HTTP requests using raw requests.get without utilizing the application's SSRF protection (safe_requests.py). This can allow...
GHSA-9C54-GXH7-PPJC Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service
Summary: The download service (download_service.py) makes HTTP requests using raw requests.get without utilizing the application's SSRF protection (safe_requests.py). This can allow attackers to access internal services and attempt to reach cloud provider metadata endpoints (AWS/GCP/Azure), as well as...
Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service
Summary: The download service (download_service.py) makes HTTP requests using raw requests.get without utilizing the application's SSRF protection (safe_requests.py). This can allow attackers to access internal services and attempt to reach cloud provider metadata endpoints (AWS/GCP/Azure), as well as...
CVE-2025-67743 Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service
Local Deep Research is an AI-powered research assistant for deep, iterative research. In versions from 1.3.0 to before 1.3.9, the download service (download_service.py) makes HTTP requests using raw requests.get without utilizing the application's SSRF protection (safe_requests.py). This can allow...
CVE-2025-67743 Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service
Local Deep Research is an AI-powered research assistant for deep, iterative research. In versions from 1.3.0 to before 1.3.9, the download service (download_service.py) makes HTTP requests using raw requests.get without utilizing the application's SSRF protection (safe_requests.py). This can allow...
CVE-2025-67743
CVE-2025-67743 affects Local Deep Research. The vulnerability lies in the download service (download_service.py) where HTTP requests are made with raw requests.get() without SSRF protection, bypassing safeguards in safe_requests.py/ssrf_validator.py. This can allow an attacker to access internal ...
Local Deep Research Security Vulnerability
Local Deep Research is an AI search assistant open-sourced by LearningCircuit. A security vulnerability exists in Local Deep Research version 1.3.0 through versions prior to 1.3.9 that stems from the download service not using SSRF protection, which could lead to a server-side request forgery...
PT-2025-52729
Name of the Vulnerable Software and Affected Versions: Local Deep Research versions 1.3.0 through 1.3.8. Description: The software is an AI-powered research assistant. A flaw exists in the download service (download_service.py) where HTTP requests are made using raw requests.get calls, bypassing the...
VulnCheck KEV: CVE-2024-55457
MasterSAM Star Gate 11 is vulnerable to directory traversal via /adama/adama/downloadService. An attacker can exploit this vulnerability by manipulating the file parameter to access arbitrary files on the server, potentially exposing sensitive information...
MasterSAM Star Gate Security Vulnerability
MasterSAM Star Gate is an application from MasterSAM, Inc. designed to manage, secure, and monitor privileged credentials and access across an enterprise IT environment. A security vulnerability exists in MasterSAM Star Gate version 11, which stems from /adama/adama/downloadService not restrictin...
Information Disclosure
jboss-seam is vulnerable to information disclosure. The vulnerability exists as the property that controls the download of server classes was set to "true" in the "production" configuration. When the class download service is bound to an external interface, a remote attacker was able to download...
Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager Incorrect Access Control Vulnerability
Dell EMC Avamar Server and EMC Integrated Data Protection Appliance are both products of Dell Inc. Dell EMC Avamar Server is a fully virtualized backup and recovery software for servers. EMC Integrated Data Protection Appliance is a disk-based backup and recovery solution. EMC Integrated Data...
CVE-2018-1217
Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local...
EMC Documentum D2 SQL Injection Vulnerability (CNVD-2015-04195)
EMC Documentum D2 is the advanced, intuitive, configurable and content-centric Documentum client that accelerates adoption of ECM applications. EMC Documentum D2 suffers from a SQL injection vulnerability in the D2DownloadService.getDownloadUrls service method, which could lead to the disclosure ...
BitRaider Streaming Client 1.3.3.4098 Local Privilege Escalation Vulnerability
BitRaider Streaming Client version 1.3.3.4098 suffers from a local privilege escalation vulnerability. BitRaider Streaming Client 1.3.3.4098 Local Privilege Escalation Vulnerability Vendor: BitRaider, LLC Product web page: http://www.bitraider.com Affected version: 1.3.3.4098 Summary: BitRaider i...
Ubisoft's uPlay service hacked, Far Cry 3 Blood Dragon Leaked
Russian hackers have figured out a way to download free games from Ubisoft's servers, exploiting an existing vulnerability in Ubisoft's uPlay launcher. According to reports, the copies of Far Cry 3 Blood Dragon that are available on torrent sites are the result of a hack of Ubisoft's uPlay servic...