CVE-2024-41659

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...

PT-2025-49566

Name of the Vulnerable Software and Affected Versions usememos memos version 0.25.2 Description A flaw exists in the Identity Provider service of usememos memos that involves incorrect access control. Attackers with limited privileges can modify or delete registered identity providers. This can...

EUVD-2024-19274

Memos' Access Tokens Stay Valid after User Password Change...

EUVD-2024-2509

Malicious code in bioql PyPI...

EUVD-2024-2512

Malicious code in bioql PyPI...

CVE-2024-29029

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current...

CVE-2024-29030

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network. Version 0.22.0 of memos removes the vulnerable file...