687 matches found
CVE-2025-65797
Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service DoS...
CVE-2025-65799
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...
Memos 安全漏洞
Memos is a Memos open source open source hosted meme center with knowledge management and social features. A security vulnerability exists in Memos version v0.25.2, which stems from improper access control in the /api/v1/user endpoint and could lead to the unauthorized creation of arbitrary...
CVE-2025-65798
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users...
CVE-2025-65797
Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service DoS...
CVE-2025-65795
Converging sources confirm CVE-2025-65795 affects usememos/memos v0.25.2, due to incorrect access control on /api/v1/user, enabling unauthenticated creation of arbitrary accounts. The OSV/GHSA entries and Red Hat/NVD mirrors all describe the same root cause and impact. The Snyk advisory additiona...
GO-2025-4127 Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos
Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos...
EUVD-2024-19274
Memos' Access Tokens Stay Valid after User Password Change...
CVE-2024-21635 Memos Access Tokens Stay Valid after User Password Change
Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update the...
CVE-2024-21635 Memos Access Tokens Stay Valid after User Password Change
Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update the...
CVE-2024-21635 Memos Access Tokens Stay Valid after User Password Change
Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update the...
CVE-2024-21635
Memos suffers from an issue where Access Tokens remain valid after a user password change, allowing a potential bad actor to continue accessing a compromised account. This affects versions up to and including 0.18.1, as tokens tied to the old password are not revoked automatically. The vulnerabil...
Memos 安全漏洞
Memos is a Memos open source open source hosted meme center with knowledge management and social features. A security vulnerability exists in Memos 0.18.1 and prior versions that stems from an access token not being invalidated after a password change, which could lead to continued account...
PT-2025-46955
Name of the Vulnerable Software and Affected Versions Memos versions up to and including 0.18.1 Description Memos is a note-taking service that utilizes Access Tokens for application authentication. A flaw exists where Access Tokens remain valid even after a user changes their password. This mean...
Arbitrary File Write
github.com/usememos/memos is vulnerable to arbitrary file write. The vulnerability is due to improper validation of file paths in the CreateResource endpoint when storing objects locally, which allows an attacker to create files with path traversal sequences and write arbitrary files on the serve...
EUVD-2022-7577
Malicious code in bioql PyPI...
EUVD-2024-2509
Malicious code in bioql PyPI...
EUVD-2022-7516
Malicious code in bioql PyPI...
EUVD-2022-7729
Malicious code in bioql PyPI...
EUVD-2022-7522
Malicious code in bioql PyPI...