16 matches found
SUSE CVE-2025-56760
When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server...
Memos Server-Side Request Forgery (SSRF)
elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks...
CVE-2022-4814
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1...
CVE-2022-4840
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1...
CVE-2022-4851
Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1...
PT-2024-29488 · Memos · Memos
Name of the Vulnerable Software and Affected Versions: memos versions 0.20.1 and earlier
Description: A CORS misconfiguration exists in memos where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin reques...
PT-2024-22683 · Memos · Memos
Name of the Vulnerable Software and Affected Versions: memos versions 0.13.2 through 0.21.x
Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability. It exists at the /api/resource endpoint, allowing authenticated users to enumerate the internal network...
Cross Site Scripting
memos is vulnerable to Cross Site Scripting. The vulnerability is due to insufficient checks in the /o/get/image?url= endpoint, which is used to fetch external images. An attacker can exploit this to fetch a malicious external image such as an SVG file and execute malicious javascrip...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the library does not properly validate markdown links, which allows an attacker to inject and execute malicious JavaScript...
Cross-Site Request Forgery (CSRF)
github.com/usememos/memos is vulnerable to cross-site request forgery. An attacker is able to add new members via the user API by exploiting the CSRF issue...
CVE-2022-4839 Cross-site Scripting (XSS) - Stored in usememos/memos
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1...
GHSA-F83P-PG86-P922 usememos/memos has Insufficient Granularity of Access Control
usememos/memos 0.9.0 and prior allows an attacker to archive any user's public or private post...
GHSA-QW36-RW5Q-GXCQ usememos/memos Improper Authorization vulnerability
usememos/memos 0.9.0 and prior is vulnerable to Improper Authorization...
GHSA-MFMP-8MQG-Q4WM usememos/memos Improper Access Control vulnerability
usememos/memos 0.9.0 and prior is vulnerable to Improper Access Control...
GHSA-RX2M-XR4X-54HH usememos/memos vulnerable to Improper Authorization
usememos/memos 0.9.0 and prior is vulnerable to Improper Authorization...
CVE-2022-4690 Cross-site Scripting (XSS) - Stored in usememos/memos
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0...