687 matches found
Memos 安全漏洞
Memos is an open-source memo center with knowledge management and social features, hosted on a server. Memos versions 0.22.1 and earlier have a security vulnerability. This vulnerability stems from improper handling of the parameters additionalStyle/additionalScript in the UpdateInstanceSetting...
PT-2026-33756
Name of the Vulnerable Software and Affected Versions usememos memos versions prior to 0.22.2 Description Improper authorization occurs in the UpdateInstanceSetting component within the file src/App.tsx. Specifically, manipulating the additionalStyle or additionalScript arguments in the memos...
VulnCheck KEV: CVE-2025-22952
elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery SSRF due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks...
Memos 0.13.2 - Cross-Site Scripting & SSRF
An SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. id: CVE-2024-29029...
Memos 0.13.2 - Server-Side Request Forgery
An SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network. id: CVE-2024-29030 info: name: Memos 0.13.2 - Server-Side Request Forgery author: ritikchaddha severity: medium description: | An SSRF vulnerability exists at the /api/resource tha...
CVE-2023-4697
Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2...
CVE-2024-41659
memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...
SUSE CVE-2025-65796
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos...
SUSE CVE-2025-65797
Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service DoS...
SUSE CVE-2025-65798
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users...
SUSE CVE-2025-65799
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...
GO-2025-4220 memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos
memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos...
GO-2025-4217 memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos
memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos...
GO-2025-4216 memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos
memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos...
GO-2025-4218 memos lacks file name validation or verification in github.com/usememos/memos
memos lacks file name validation or verification in github.com/usememos/memos...
GO-2025-4215 memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos
memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos...
CVE-2025-65796
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos...
CVE-2025-65797
Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service DoS...
CVE-2025-65799
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...
CVE-2025-65795
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...