Memos 安全漏洞

Memos is an open-source memo center with knowledge management and social features, hosted on a server. Memos versions 0.22.1 and earlier have a security vulnerability. This vulnerability stems from improper handling of the parameters additionalStyle/additionalScript in the UpdateInstanceSetting...

GO-2025-4217 memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos...

GO-2025-4216 memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos...

GO-2025-4215 memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos...

memos vulnerability allows the creation of arbitrary accounts

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...

GHSA-MG56-WC4Q-RW4W memos vulnerability allows the creation of arbitrary accounts

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...

EUVD-2025-201721

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...

memos vulnerability allows arbitrarily modification or deletion of attachments

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users...

GHSA-8JCJ-G9F4-QX42 memos vulnerability allows arbitrarily reactions deletion

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos...

memos vulnerability allows arbitrarily reactions deletion

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos...

VulnCheck KEV: CVE-2024-29029

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current...

Memos Vulnerable to Path Traversal via the CreateResource Endpoint

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server...

Memos 安全漏洞

Memos is a Memos open source open source hosted meme center with knowledge management and social features. A security vulnerability exists in Memos version 0.22, which stems from the presence of path traversal in the CreateResource endpoint, which could lead to arbitrary file writes...

Server Side Request Forgery (SSRF)

github.com/usememos/memos is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of user-supplied URLs, which allows an attacker to perform SSRF attacks...

GO-2024-3046 memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos...

memos 安全漏洞

memos is an open source hosted memo center with knowledge management and social features. A security vulnerability exists in memos version 0.13.2, which stems from /o/get/image allows an unauthenticated user to enumerate the internal network and retrieve images, with the response to the image...

memos 跨站脚本漏洞

memos is an open source hosted memo center with knowledge management and social features. A security vulnerability exists in memos that stems from insufficient inspection of external resources. An attacker could exploit the vulnerability to perform a cross-site scripting attack...

memos 跨站请求伪造漏洞

memos is an open source hosted meme center with knowledge management and social features. A cross-site request forgery vulnerability exists in memos versions prior to 0.9.1. An attacker could exploit this vulnerability to perform a cross-site request forgery attack...

memos 安全漏洞

memos is an open source hosted meme center with knowledge management and social features. A security vulnerability exists in memos, which can be exploited by an attacker to post messages in the memos page...

memos 跨站请求伪造漏洞

memos is an open source hosted meme center with knowledge management and social features. A cross-site request forgery vulnerability exists in memos versions prior to 0.9.1. An attacker could exploit this vulnerability to perform a cross-site request forgery attack...