14 matches found
Memos has an Incorrect Privilege Assignment issue
A weakness has been identified in usememos memos up to 0.22.1. This affects the function memosaccesstoken of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be...
CVE-2025-65795
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...
CVE-2025-65799
The CVE-2025-65799 entry refers to usememos memos v0.25.2 lacking file name validation in the Attachment service, enabling path traversal. Affected component: github.com/usememos/memos/server/router/api/v1 (Attachment handling). Root cause: missing validation/verification of uploaded file names l...
CVE-2025-65795
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...
CVE-2025-65797
Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS)...
CVE-2025-65795
Converging sources confirm CVE-2025-65795 affects usememos/memos v0.25.2, due to incorrect access control on /api/v1/user, enabling unauthenticated creation of arbitrary accounts. The OSV/GHSA entries and Red Hat/NVD mirrors all describe the same root cause and impact. The Snyk advisory additiona...
EUVD-2023-2434
Malicious code in bioql PyPI...
EUVD-2022-7577
Malicious code in bioql PyPI...
EUVD-2022-7494
Malicious code in bioql PyPI...
EUVD-2023-2530
Malicious code in bioql PyPI...
EUVD-2022-7751
Malicious code in bioql PyPI...
CVE-2025-56761
Memos 0.22 is vulnerable to stored cross-site scripting (XSS) via the upload attachment and user avatar features. Memos does not verify the content type of the uploaded data and serves it back as is. An authenticated attacker can use this to elevate their privileges when the stored XS...
PT-2025-9016 · Elestio · Elestio Memos
Name of the Vulnerable Software and Affected Versions: elestio memos version 0.23.0. Description: The issue is related to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks. This vulnerability allows attackers to...
memos authorization issue vulnerability
memos is an open source hosted meme center with knowledge management and social features. A vulnerability exists in memos prior to version 0.9.1 due to an authorization issue, which can be exploited by an attacker to archive any private memos, delete any shortcuts, and edit any shortcuts from oth...