Lucene search
K

687 matches found

Cvelist
Cvelist
added 2025/12/08 12:0 a.m.27 views

CVE-2025-65797

Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service DoS...

0.00245EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/08 12:0 a.m.5 views

CVE-2025-65799

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...

6.7AI score0.00185EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/08 12:0 a.m.6 views

Memos 安全漏洞

Memos is a Memos open source open source hosted meme center with knowledge management and social features. A security vulnerability exists in Memos version v0.25.2, which stems from improper access control in the /api/v1/user endpoint and could lead to the unauthorized creation of arbitrary...

7.5CVSS6.4AI score0.00223EPSS
Exploits1References5
OSV
OSV
added 2025/12/08 12:0 a.m.4 views

CVE-2025-65798

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users...

5.4CVSS6.8AI score0.00156EPSS
Exploits1References4
OSV
OSV
added 2025/12/08 12:0 a.m.3 views

CVE-2025-65797

Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service DoS...

6.5CVSS6.8AI score0.00245EPSS
Exploits1References4
CVE
CVE
added 2025/12/08 12:0 a.m.23 views

CVE-2025-65795

Converging sources confirm CVE-2025-65795 affects usememos/memos v0.25.2, due to incorrect access control on /api/v1/user, enabling unauthenticated creation of arbitrary accounts. The OSV/GHSA entries and Red Hat/NVD mirrors all describe the same root cause and impact. The Snyk advisory additiona...

7.5CVSS6.5AI score0.00223EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/11/17 7:11 p.m.6 views

GO-2025-4127 Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos...

7.5CVSS6.9AI score0.00278EPSS
Exploits1References4
EUVD
EUVD
added 2025/11/14 10:9 p.m.8 views

EUVD-2024-19274

Memos' Access Tokens Stay Valid after User Password Change...

7.1CVSS6.4AI score0.00278EPSS
Exploits1References4
OSV
OSV
added 2025/11/14 2:11 p.m.7 views

CVE-2024-21635 Memos Access Tokens Stay Valid after User Password Change

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update the...

7.1CVSS6.4AI score0.00278EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/11/14 2:11 p.m.4 views

CVE-2024-21635 Memos Access Tokens Stay Valid after User Password Change

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update the...

7.1CVSS6.1AI score0.00278EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/11/14 2:11 p.m.17 views

CVE-2024-21635 Memos Access Tokens Stay Valid after User Password Change

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update the...

7.1CVSS0.00278EPSS
Exploits1References1
CVE
CVE
added 2025/11/14 2:11 p.m.26 views

CVE-2024-21635

Memos suffers from an issue where Access Tokens remain valid after a user password change, allowing a potential bad actor to continue accessing a compromised account. This affects versions up to and including 0.18.1, as tokens tied to the old password are not revoked automatically. The vulnerabil...

7.5CVSS6.2AI score0.00278EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/11/14 12:0 a.m.6 views

Memos 安全漏洞

Memos is a Memos open source open source hosted meme center with knowledge management and social features. A security vulnerability exists in Memos 0.18.1 and prior versions that stems from an access token not being invalidated after a password change, which could lead to continued account...

7.5CVSS6.5AI score0.00278EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/14 12:0 a.m.6 views

PT-2025-46955

Name of the Vulnerable Software and Affected Versions Memos versions up to and including 0.18.1 Description Memos is a note-taking service that utilizes Access Tokens for application authentication. A flaw exists where Access Tokens remain valid even after a user changes their password. This mean...

7.5CVSS6.2AI score0.00278EPSS
Exploits1References21
Veracode
Veracode
added 2025/10/13 10:6 a.m.6 views

Arbitrary File Write

github.com/usememos/memos is vulnerable to arbitrary file write. The vulnerability is due to improper validation of file paths in the CreateResource endpoint when storing objects locally, which allows an attacker to create files with path traversal sequences and write arbitrary files on the serve...

4.3CVSS7.2AI score0.0032EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-7577

Malicious code in bioql PyPI...

8.3CVSS6.8AI score0.00695EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-2509

Malicious code in bioql PyPI...

5.8CVSS5.9AI score0.01135EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-7516

Malicious code in bioql PyPI...

8.8CVSS6.8AI score0.00308EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-7729

Malicious code in bioql PyPI...

8.8CVSS4.8AI score0.00421EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-7522

Malicious code in bioql PyPI...

8.3CVSS7.3AI score0.00346EPSS
Exploits1References4
Rows per page
Query Builder