Lucene search
+L

687 matches found

CNNVD
CNNVD
added 2026/04/20 12:0 a.m.10 views

Memos 安全漏洞

Memos is an open-source memo center with knowledge management and social features, hosted on a server. Memos versions 0.22.1 and earlier have a security vulnerability. This vulnerability stems from improper handling of the parameters additionalStyle/additionalScript in the UpdateInstanceSetting...

6.5CVSS6.6AI score0.00252EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.19 views

PT-2026-33756

Name of the Vulnerable Software and Affected Versions usememos memos versions prior to 0.22.2 Description Improper authorization occurs in the UpdateInstanceSetting component within the file src/App.tsx. Specifically, manipulating the additionalStyle or additionalScript arguments in the memos...

6.5CVSS6.6AI score0.00252EPSS
Exploits0References10
VulnCheck KEV
VulnCheck KEV
added 2026/04/12 12:0 a.m.10 views

VulnCheck KEV: CVE-2025-22952

elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery SSRF due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks...

9.8CVSS5.8AI score0.02818EPSS
In wildExploits1References20
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.11 views

Memos 0.13.2 - Cross-Site Scripting & SSRF

An SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. id: CVE-2024-29029...

6.1CVSS5.9AI score0.0108EPSS
Exploits1References2
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.13 views

Memos 0.13.2 - Server-Side Request Forgery

An SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network. id: CVE-2024-29030 info: name: Memos 0.13.2 - Server-Side Request Forgery author: ritikchaddha severity: medium description: | An SSRF vulnerability exists at the /api/resource tha...

5.8CVSS5.6AI score0.01135EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.7 views

CVE-2023-4697

Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2...

8.8CVSS6.7AI score0.00701EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:34 a.m.14 views

CVE-2024-41659

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...

8.1CVSS6.4AI score0.00607EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/01/06 12:25 a.m.9 views

SUSE CVE-2025-65796

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos...

4.3CVSS7AI score0.00173EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/01/06 12:25 a.m.8 views

SUSE CVE-2025-65797

Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service DoS...

6.5CVSS6.9AI score0.00245EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/01/06 12:25 a.m.11 views

SUSE CVE-2025-65798

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users...

5.4CVSS6.9AI score0.00156EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/01/06 12:25 a.m.7 views

SUSE CVE-2025-65799

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...

4.3CVSS7.2AI score0.00185EPSS
Exploits1References2
OSV
OSV
added 2025/12/15 8:15 p.m.4 views

GO-2025-4220 memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos...

6.5CVSS6.9AI score0.00245EPSS
Exploits1References7
OSV
OSV
added 2025/12/15 7:37 p.m.9 views

GO-2025-4217 memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos...

7.5CVSS6.9AI score0.00223EPSS
Exploits1References7
OSV
OSV
added 2025/12/15 7:37 p.m.4 views

GO-2025-4216 memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos...

5.4CVSS6.8AI score0.00156EPSS
Exploits1References7
OSV
OSV
added 2025/12/15 7:37 p.m.10 views

GO-2025-4218 memos lacks file name validation or verification in github.com/usememos/memos

memos lacks file name validation or verification in github.com/usememos/memos...

4.3CVSS6.9AI score0.00185EPSS
Exploits1References7
OSV
OSV
added 2025/12/15 7:37 p.m.5 views

GO-2025-4215 memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos...

4.3CVSS6.8AI score0.00173EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/12/09 12:11 a.m.5 views

CVE-2025-65796

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos...

4.3CVSS6.9AI score0.00173EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/09 12:11 a.m.4 views

CVE-2025-65797

Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service DoS...

6.5CVSS6.9AI score0.00245EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/09 12:11 a.m.6 views

CVE-2025-65799

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...

4.3CVSS7.1AI score0.00185EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/09 12:11 a.m.6 views

CVE-2025-65795

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...

7.5CVSS6.9AI score0.00223EPSS
Exploits1References1
Rows per page
Query Builder