19 matches found
CVE-2025-65797
Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service DoS...
EUVD-2025-23004
Malicious code in bioql PyPI...
EUVD-2022-7522
Malicious code in bioql PyPI...
EUVD-2024-2545
Malicious code in bioql PyPI...
SUSE CVE-2025-50738
The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be...
CVE-2025-50738
The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be...
GHSA-HFCF-79GH-F3JC Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs
The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be...
Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs
The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be...
CVE-2025-50738
The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be...
CVE-2025-50738
The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be...
PT-2025-31215
Name of the Vulnerable Software and Affected Versions: Memos versions up to v0.24.3 Description: The Memos application allows embedding of markdown images with arbitrary URLs. Viewing a memo containing such an image causes the user's browser to automatically fetch the image URL, potentially...
CVE-2025-50738
The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be...
CVE-2025-50738
The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be...
CVE-2025-50738
Summary: CVE-2025-50738 affects the Memos application (up to v0.24.3), where embedding markdown images with arbitrary URLs can trigger automatic image fetches when a memo is viewed, enabling potential information disclosure (IP address, User-Agent, and other request data) to an attacker-controlle...
CVE-2024-29028
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1...
GO-2025-3492 Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos
Memos Server-Side Request Forgery SSRF in github.com/usememos/memos...
CVE-2022-4800
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1...
CSRF allows attacker trigger admin add HOST user lead to takeover memos application
Description This vuln allow attacker trigger admin submitting a malicious request to create new user with any role. Proof of Concept 1. Attacker create malicious script with csrf payload and upload it to attacker server httpx://attacker.server/csrf.html 2. Attacker send this link to memos admin 3...
PT-2022-28048 · Unknown · Usememos/Memos
Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.1 Description: The issue concerns the exposure of sensitive user information, including names, email, role, and OpenID, to an authenticated user. This is due to improper removal of sensitive information...