
16 matches found

SUSE CVE
added 2025/09/11 11:22 p.m., 3 views

SUSE CVE-2025-56760

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server...

CVSS 4.3, AI score 7.2, EPSS 0.0032
Exploits: 1, References: 2

Github Security Blog
added 2025/02/27 9:32 p.m., 10 views

Memos Server-Side Request Forgery (SSRF)

elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks...

CVSS 9.8, AI score 6.9, EPSS 0.02818
Exploits: 1, References: 9, Affected Software: 1

RedhatCVE
added 2025/02/05 8:23 p.m., 6 views

CVE-2022-4814

Improper Access Control in GitHub repository usememos/memos prior to 0.9.1...

CVSS 8.6, AI score 6.7, EPSS 0.00534
Exploits: 1

RedhatCVE
added 2025/02/05 8:17 p.m., 8 views

CVE-2022-4840

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1...

CVSS 7.6, AI score 5.8, EPSS 0.00652
Exploits: 1

RedhatCVE
added 2025/02/05 8:14 p.m., 7 views

CVE-2022-4851

Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1...

CVSS 9.8, AI score 6.7, EPSS 0.00772
Exploits: 1

Positive Technologies
added 2024/08/20 12:0 a.m., 3 views

PT-2024-29488 · Memos · Memos

Name of the Vulnerable Software and Affected Versions: memos versions 0.20.1 and earlier
Description: A CORS misconfiguration exists in memos where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin reques...

CVSS 8.6, AI score 6.8, EPSS 0.00607
Exploits: 1, References: 14

Positive Technologies
added 2024/04/18 12:0 a.m., 4 views

PT-2024-22683 · Memos · Memos

Name of the Vulnerable Software and Affected Versions: memos versions 0.13.2 through 0.21.x
Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability. It exists at the /api/resource endpoint, allowing authenticated users to enumerate the internal network...

CVSS 6.9, AI score 5.5, EPSS 0.01135
Exploits: 1, References: 15

Veracode
added 2023/09/21 7:22 a.m., 25 views

Cross Site Scripting

memos is vulnerable to Cross Site Scripting. The vulnerability is due to insufficient checks in the /o/get/image?url= endpoint, which is used to fetch external images. An attacker can exploit this to fetch a malicious external image such as an SVG file and execute malicious javascrip...

CVSS 8.8, AI score 7, EPSS 0.00285
Exploits: 1, References: 3, Affected Software: 1

Veracode
added 2023/07/28 3:50 a.m., 14 views

Cross-site Scripting (XSS)

github.com/usememos/memos is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the library does not properly validate the markdown links, which allows an attacker to inject and execute malicious JavaScript...

CVSS 5.4, AI score 6.6, EPSS 0.00645
Exploits: 1, References: 5, Affected Software: 1

Veracode
added 2023/01/03 7:39 a.m., 24 views

Cross-Site Request Forgery (CSRF)

github.com/usememos/memos is vulnerable to cross-site request forgery. An attacker is able to add new members via the user API by exploiting the CSRF issue...

CVSS 6.5, AI score 6.2, EPSS 0.00256
Exploits: 1, References: 5, Affected Software: 1

Vulnrichment
added 2022/12/29 12:0 a.m., 6 views

CVE-2022-4839 Cross-site Scripting (XSS) - Stored in usememos/memos

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1...

CVSS 8, AI score 5.9, EPSS 0.00766
Exploits: 1, References: 2

OSV
added 2022/12/28 3:30 p.m., 24 views

GHSA-RX2M-XR4X-54HH usememos/memos vulnerable to Improper Authorization

usememos/memos 0.9.0 and prior is vulnerable to Improper Authorization...

CVSS 5.4, AI score 5.7, EPSS 0.00568
Exploits: 1, References: 4

OSV
added 2022/12/28 3:30 p.m., 18 views

GHSA-MFMP-8MQG-Q4WM usememos/memos Improper Access Control vulnerability

usememos/memos 0.9.0 and prior is vulnerable to Improper Access Control...

CVSS 8.8, AI score 8.3, EPSS 0.00811
Exploits: 1, References: 4

OSV
added 2022/12/28 3:30 p.m., 24 views

GHSA-F83P-PG86-P922 usememos/memos has Insufficient Granularity of Access Control

usememos/memos 0.9.0 and prior allows an attacker to archive any user's public or private post...

CVSS 5.3, AI score 5.5, EPSS 0.00681
Exploits: 1, References: 4

OSV
added 2022/12/28 3:30 p.m., 19 views

GHSA-QW36-RW5Q-GXCQ usememos/memos Improper Authorization vulnerability

usememos/memos 0.9.0 and prior is vulnerable to Improper Authorization...

CVSS 5.3, AI score 5.5, EPSS 0.0059
Exploits: 1, References: 4

OSV
added 2022/12/23 12:0 a.m., 28 views

CVE-2022-4690 Cross-site Scripting (XSS) - Stored in usememos/memos

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0...

CVSS 7.1, AI score 6.7, EPSS 0.00601
Exploits: 1, References: 4