Lucene search
+L

687 matches found

RedhatCVE
RedhatCVE
added 2025/12/09 12:11 a.m.4 views

CVE-2025-65798

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users...

5.4CVSS6.9AI score0.00156EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/08 6:30 p.m.7 views

EUVD-2025-201721

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...

4.3CVSS6.6AI score0.00185EPSS
Exploits1References5
EUVD
EUVD
added 2025/12/08 6:30 p.m.7 views

EUVD-2025-201723

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...

7.5CVSS6.3AI score0.00223EPSS
Exploits1References5
OSV
OSV
added 2025/12/08 6:30 p.m.6 views

GHSA-MG56-WC4Q-RW4W memos vulnerability allows the creation of arbitrary accounts

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...

7.5CVSS6.8AI score0.00223EPSS
Exploits1References8
OSV
OSV
added 2025/12/08 6:30 p.m.4 views

GHSA-99M2-QWX6-2W6F memos vulnerability allows arbitrarily modification or deletion registered identity providers

Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service DoS...

6.5CVSS6.8AI score0.00245EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2025/12/08 6:30 p.m.9 views

memos vulnerability allows the creation of arbitrary accounts

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...

7.5CVSS6.9AI score0.00223EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2025/12/08 6:30 p.m.5 views

GHSA-QGJP-5G5X-VHQ2 memos lacks file name validation or verification

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...

4.3CVSS7AI score0.00185EPSS
Exploits1References8
OSV
OSV
added 2025/12/08 6:30 p.m.4 views

GHSA-8P44-G572-557H memos vulnerability allows arbitrarily modification or deletion of attachments

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users...

5.4CVSS6.8AI score0.00156EPSS
Exploits1References8
OSV
OSV
added 2025/12/08 6:30 p.m.7 views

GHSA-8JCJ-G9F4-QX42 memos vulnerability allows arbitrarily reactions deletion

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos...

4.3CVSS6.8AI score0.00173EPSS
Exploits1References8
EUVD
EUVD
added 2025/12/08 6:30 p.m.7 views

EUVD-2025-201725

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos...

4.3CVSS6.4AI score0.00173EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2025/12/08 6:30 p.m.13 views

memos vulnerability allows arbitrarily reactions deletion

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos...

4.3CVSS6.9AI score0.00173EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/08 6:30 p.m.9 views

memos vulnerability allows arbitrarily modification or deletion of attachments

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users...

5.4CVSS6.9AI score0.00156EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2025/12/08 5:16 p.m.8 views

CVE-2025-65795

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...

7.5CVSS0.00223EPSS
Exploits1References2
NVD
NVD
added 2025/12/08 5:16 p.m.5 views

CVE-2025-65799

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...

4.3CVSS0.00185EPSS
Exploits1References2
Snyk
Snyk
added 2025/12/08 4:40 p.m.2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization when executing DeleteReaction. An attacker can remove reactions from other users' entries by sending crafted requests with low-level privileges and no authentication. Remediation Upgrade...

5.3CVSS6.8AI score0.00173EPSS
Exploits1References2
NVD
NVD
added 2025/12/08 4:15 p.m.7 views

CVE-2025-65796

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos...

4.3CVSS0.00173EPSS
Exploits1References2
NVD
NVD
added 2025/12/08 4:15 p.m.6 views

CVE-2025-65798

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users...

5.4CVSS0.00156EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/08 12:0 a.m.2 views

CVE-2025-65798

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users...

6.5AI score0.00156EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/08 12:0 a.m.5 views

Memos 安全漏洞

Memos is a Memos open source open source hosted meme center with knowledge management and social features. A security vulnerability exists in Memos version v0.25.2, which stems from a lack of filename validation in the attachment service and could lead to a path traversal attack...

4.3CVSS6.4AI score0.00185EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/12/08 12:0 a.m.1 views

CVE-2025-65797

Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service DoS...

6.5AI score0.00245EPSS
Exploits1References3
Rows per page
Query Builder