17 matches found
CVE-2026-9473
A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. Th...
CVE-2026-9473 c-rick jimeng-mcp api.ts generateVideo path traversal
A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. Th...
EUVD-2026-31706
A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. Th...
CVE-2026-9473
A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. Th...
CVE-2026-9473 c-rick jimeng-mcp api.ts generateVideo path traversal
A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. Th...
CVE-2026-9473
CVE-2026-9473 affects c-rick jimeng-mcp 1.10.0. The vulnerability lies in src/api.ts functions getFileContent, uploadCoverFile, generateImage, and generateVideo where manipulating the argument filePath enables path traversal. The attack could be remote; exploit has been disclosed publicly and the...
PT-2026-43088
A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. Th...
CVE-2025-70040
An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...
Insertion of Sensitive Information into Log File
Overview jimeng-web-mcp is a MCP服务器项目,直接访问即梦AI Web端进行图像和视频生成(仅供学习研究使用) Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the logging process. An attacker can access sensitive information by reviewing improperly sanitized log files. Remediation...
EUVD-2025-208423
An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...
CVE-2025-70040
An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...
CVE-2025-70040
CVE-2025-70040 affects the npm package jimeng-web-mcp (v2.1.2) from LupinLin1. The issue is described as CWE-532: Insertion of Sensitive Information into Log File, allowing an attacker to obtain sensitive information via poorly sanitized log output. Connected sources confirm the affected componen...
CVE-2025-70040
An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...
CVE-2025-70040
An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...
PT-2026-24079
Name of the Vulnerable Software and Affected Versions LupinLin1 jimeng-web-mcp version 2.1.2 Description An issue exists where sensitive information is inserted into log files. This can allow an attacker to obtain sensitive information. Recommendations At the moment, there is no information about...
CVE-2025-70040
An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...
JiMeng Web MCP Server 安全漏洞
JiMeng Web MCP Server is a large model context server developed by LupinLin1. Version 2.1.2 of JiMeng Web MCP Server contains a security vulnerability. This vulnerability stems from the insertion of sensitive information into log files, which may allow attackers to obtain sensitive data...