CVE-2026-30586

Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZESCHEMA, Memo Rendering Component, and Public/Private Memo View pages...

GHSA-8P44-G572-557H memos vulnerability allows arbitrarily modification or deletion of attachments

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users...

CVE-2025-65796

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos...

GO-2025-3831 Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

Memos has Cross-Site Scripting XSS Vulnerability in Image URLs in github.com/usememos/memos...

PT-2022-28109 · Unknown · Usememos/Memos

Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.1 Description: The issue concerns Improper Privilege Management in the GitHub repository usememos/memos. Recommendations: For versions prior to 0.9.1, update to version 0.9.1 or later to resolve the issue...