4 matches found
CVE-2025-65795
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...
CVE-2025-65799
The CVE-2025-65799 entry refers to usememos memos v0.25.2 lacking file name validation in the Attachment service, enabling path traversal. Affected component: github.com/usememos/memos/server/router/api/v1 (Attachment handling). Root cause: missing validation/verification of uploaded file names l...
CVE-2025-65795
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...
CVE-2025-65795
Converging sources confirm CVE-2025-65795 affects usememos/memos v0.25.2, due to incorrect access control on /api/v1/user, enabling unauthenticated creation of arbitrary accounts. The OSV/GHSA entries and Red Hat/NVD mirrors all describe the same root cause and impact. The Snyk advisory additiona...