3 matches found
CVE-2025-65799
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...
CVE-2025-65795
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...
CVE-2025-65796
CVE-2025-65796 describes an improper access control in usememos memos v0.25.2 that allows a low-privilege attacker to arbitrarily delete reactions on other users’ Memos. Multiple connected sources (Red Hat, NVD, GHSA, OSV, Snyk) confirm the issue and point to an insecure DeleteReaction pathway in...