5 matches found
PT-2025-36654
Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos...
CVE-2025-56760
When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server...
Memos Vulnerable to Path Traversal via the CreateResource Endpoint
When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the filepathTemplate parameter in the CreateResource endpoint, when objects are stored locally. An authenticated attacker can write arbitrary files to the server filesystem by submitting a crafted filename...
CVE-2025-56760
CVE-2025-56760 affects Memos 0.22 when configured to store objects locally. The vulnerability arises from a path traversal sequence in the CreateResource endpoint name, enabling arbitrary file writes on the server. CVSSv3.1 metrics indicate Network access, Low attack complexity, and Low privilege...