265 matches found
CVE-2026-6634
A weakness has been identified in usememos memos up to 0.22.1. This affects the function memosaccesstoken of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be...
EUVD-2026-34018
Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZESCHEMA, Memo Rendering Component, and Public/Private Memo View pages...
CVE-2026-30586
This CVE concerns Cross Site Scripting in the open-source project usememos Memos v0.26.0. The vulnerability affects the memo rendering path and related views (SANITIZE_SCHEMA, Memo Rendering Component, and Public/Private Memo View pages). Root cause details are not explicitly provided beyond the ...
CVE-2026-30586
Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZESCHEMA, Memo Rendering Component, and Public/Private Memo View pages...
PT-2026-45825
Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZE SCHEMA, Memo Rendering Component, and Public/Private Memo View pages...
SUSE CVE-2025-65797
Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service DoS...
SUSE CVE-2025-65798
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users...
GO-2025-4215 memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos
memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos...
GO-2025-4217 memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos
memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos...
CVE-2025-65799
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...
EUVD-2025-201723
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...
GHSA-MG56-WC4Q-RW4W memos vulnerability allows the creation of arbitrary accounts
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...
GHSA-8JCJ-G9F4-QX42 memos vulnerability allows arbitrarily reactions deletion
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos...
CVE-2025-65798
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users...
CVE-2025-65796
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos...
CVE-2025-65796
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos...
CVE-2025-65796
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos...
CVE-2025-65799
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...
CVE-2025-65795
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...
CVE-2025-65798
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users...