Lucene search
K
UsememosMemos

73 matches found

CVE
CVE
added 2023/09/01 12:0 a.m.129 views

CVE-2023-4697

CVE-2023-4697 affects the open-source project memos (GitHub: usememos/memos) prior to version 0.13.2. The root cause is improper privilege management within the application, leading to likely privilege escalation. The CVSS base metrics indicate HIGH impact to confidentiality, integrity, and avail...

8.8CVSS8.7AI score0.00701EPSS
CVE
CVE
added 2023/09/01 12:0 a.m.124 views

CVE-2023-4696

CVE-2023-4696 — Affected: usememos/memos before version 0.13.2. Root cause: improper access control in the GitHub-hosted project. Impact: high/critical confidentiality, integrity, and availability risk per CVSS (NVD 3.1: 9.8; CRITICAL). Exploitation details are not provided in the connected docs....

9.8CVSS9.5AI score0.00899EPSS
CVE
CVE
added 2023/09/01 12:0 a.m.120 views

CVE-2023-4698

CVE-2023-4698 affects usememos/memos prior to 0.13.2. The connected exploit doc describes a Local File Inclusion (LFI) via an inadequate validation of InternalPath, enabling access to server files (post-auth or remote code execution risks are implied by LFI in the blog). Public advisories consist...

7.5CVSS7.5AI score0.00759EPSS
CVE
CVE
added 2023/09/18 5:46 a.m.113 views

CVE-2023-5036

CVE-2023-5036: CSRF in the usememos/memos GitHub project prior to version 0.15.1. The vulnerability affects the getimage endpoint and is triggered by a user interaction in authenticated contexts; no explicit exploit details are provided in the initial documents, but multiple sources corroborate a...

8.8CVSS8AI score0.00285EPSS
CVE
CVE
added 2024/04/19 3:14 p.m.108 views

CVE-2024-29029

Memos: CVE-2024-29029 describes an SSRF flaw at the /o/get/image endpoint in memos 0.13.2 that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is echoed into the current server response, enabling a reflected XSS. The vulnerab...

6.1CVSS6AI score0.0108EPSS
In wild
CVE
CVE
added 2024/04/19 3:13 p.m.104 views

CVE-2024-29030

CVE-2024-29030 : The memos project (github.com/usememos/memos) has a reported SSRF in the /api/resource endpoint affecting version 0.13.2. Authenticated users could enumerate internal network resources via this endpoint. The Nuclei template and Red Hat/OSV/NVD references corroborate this SSRF iss...

5.8CVSS5.4AI score0.01135EPSS
In wild
CVE
CVE
added 2025/02/27 12:0 a.m.103 views

CVE-2025-22952

Elestio Memos (v0.23.0) is affected by CVE-2025-22952: a Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs. The Nuclei template confirms the issue as applicable to MEMOS versions up to 0.24.0 and notes that unauthenticated attackers can exploit SSRF to access...

9.8CVSS7AI score0.02818EPSS
In wild
CVE
CVE
added 2023/01/07 12:0 a.m.94 views

CVE-2023-0107

CVE-2023-0107 affects the open-source memos project (usememos/memos) prior to version 0.10.0. The issue is a stored Cross-site Scripting (XSS) vulnerability stemming from the markup editor that can allow injected scripts in stored content. A fix is available by upgrading to version 0.10.0 or late...

6.5CVSS5.4AI score0.00498EPSS
CVE
CVE
added 2022/12/31 12:0 a.m.93 views

CVE-2022-4866

The CVE-2022-4866 entry concerns the open-source project usememos/memos, where a Stored Cross-site Scripting (XSS) vulnerability affects versions prior to 0.9.1. The vulnerability is described as XSS stored in the application (no specific exploit vector details provided in the documents). Support...

9.8CVSS8.6AI score0.00991EPSS
CVE
CVE
added 2022/12/29 12:0 a.m.86 views

CVE-2022-4850

The CVE-2022-4850 entry describes a Cross-Site Request Forgery (CSRF) in the GitHub repository usememos/memos for versions prior to 0.9.1. Affected software: usememos/memos (pre-0.9.1). The underlying issue is CSRF that could enable an attacker to cause unintended actions on behalf of an authenti...

6.5CVSS6.5AI score0.00328EPSS
CVE
CVE
added 2022/12/28 12:0 a.m.83 views

CVE-2022-4806

CVE-2022-4806 affects usememos/memos before version 0.9.1. The connected records describe an improper access control/authorization bypass via a user-controlled key in the GitHub repository, enabling an IDOR-style exposure of memos. Reported impact includes unauthorized access to others’ public an...

8.2CVSS5.6AI score0.00756EPSS
CVE
CVE
added 2022/12/29 12:0 a.m.83 views

CVE-2022-4848

CVE-2022-4848 affects usememos/memos prior to 0.9.1. Root cause: improper verification of the source of a communication channel in the GitHub repository usememos/memos. Documented impact is an improper verification vulnerability; no exploit specifics are provided in the supplied sources. Remediat...

8.6CVSS5.9AI score0.00528EPSS
CVE
CVE
added 2022/12/30 12:0 a.m.83 views

CVE-2022-4863

The CVE-2022-4863 entry concerns usememos/memos prior to version 0.9.1, with the root cause described as Improper Handling of Insufficient Permissions or Privileges in the GitHub repository usememos/memos. Public sources in the connected data indicate impact on confidentiality/integrity/availabil...

8.4CVSS6.8AI score0.00679EPSS
CVE
CVE
added 2022/12/23 12:0 a.m.81 views

CVE-2022-4691

CVE-2022-4691 affects usememos/memos prior to 0.9.0. The vulnerability is a stored Cross-site Scripting (XSS) issue in the application’s handling of user input (notably tied to content uploaded/ displayed by the app), allowing injected scripts to run in a victim’s browser. Root cause: input is st...

8.3CVSS5.5AI score0.00695EPSS
CVE
CVE
added 2022/12/28 12:0 a.m.81 views

CVE-2022-4797

CVE-2022-4797 affects usememos/memos prior to v0.9.1. The root cause is improper restriction of excessive authentication attempts, enabling brute-force access to post deletion by guessing post IDs. Consequences include potential deletion of other users’ posts (high impact per linked advisories). ...

9.8CVSS5AI score0.00713EPSS
CVE
CVE
added 2022/12/28 12:0 a.m.81 views

CVE-2022-4808

CVE-2022-4808 affects the GitHub repository usememos/memos, specifically versions prior to 0.9.1. The connected sources uniformly describe an Improper Privilege Management vulnerability that can allow an attacker to manipulate user roles, with some entries citing the potential to assign a HOST ro...

8.8CVSS6.3AI score0.00421EPSS
CVE
CVE
added 2022/12/29 12:0 a.m.81 views

CVE-2022-4851

The CVE-2022-4851 entry refers to usememos/memos prior to version 0.9.1, with the root cause described as improper handling of values. The vulnerability allows an attacker to post malicious content to another user’s memos page via a POST request. Public details across connected documents confirm ...

9.8CVSS5.6AI score0.00772EPSS
CVE
CVE
added 2022/12/23 12:0 a.m.80 views

CVE-2022-4692

CVE-2022-4692 affects usememos/memos prior to 0.9.0, with a stored XSS flaw in the application’s handling of user input (notably via its Resource component and SVG uploads). The vulnerability is documented across multiple sources (NVD/Red Hat OSV, GHSA, CNNVD, CVE lists) as a Cross-site Scripting...

7.1CVSS5.4AI score0.00564EPSS
CVE
CVE
added 2022/12/28 12:0 a.m.80 views

CVE-2022-4811

The CVE-2022-4811 vulnerability concerns usememos/memos. It is an Authorization Bypass Through User-Controlled Key that allows an unauthorized user to access private memos by manipulating the URL. This affects versions prior to 0.9.1. The issue is documented across multiple sources (including Red...

8.3CVSS6.2AI score0.00564EPSS
CVE
CVE
added 2022/12/28 12:0 a.m.78 views

CVE-2022-4798

CVE-2022-4798 affects usememos/memos versions prior to 0.9.1. The issue is an Authorization Bypass Through a User-Controlled Key (Improper Authorization) that could enable unauthorized access or actions such as potential API reset (per reported sources). Affected component is the memo platform’s ...

8.6CVSS5.6AI score0.00702EPSS
CVE
CVE
added 2022/12/28 12:0 a.m.78 views

CVE-2022-4803

CVE-2022-4803 affects the GitHub repository usememos/memos, prior to version 0.9.1. The issue is an authorization bypass through a user-controlled key, caused by improper access control. The result is potential exposure or manipulation of user resources. Public data in connected documents confirm...

8.8CVSS8.4AI score0.00811EPSS
CVE
CVE
added 2022/12/28 12:0 a.m.78 views

CVE-2022-4810

The CVE-2022-4810 case concerns usememos/memos prior to version 0.9.1 with an improper access control flaw exposed via the API, allowing a user to view private memos from other users. Root cause: insufficient authorization checks on private memo access. Impact: confidentiality of private memo con...

6.3CVSS4.8AI score0.00465EPSS
CVE
CVE
added 2024/08/20 7:54 p.m.78 views

CVE-2024-41659

The CVE-2024-41659 issue affects memos (server.go) where a CORS misconfiguration in version

8.1CVSS7.8AI score0.00607EPSS
CVE
CVE
added 2022/12/29 12:0 a.m.77 views

CVE-2022-4849

CVE-2022-4849 describes a Cross-Site Request Forgery (CSRF) in the GitHub repository usememos/memos prior to version 0.9.1. The vulnerability affects the public project code path and leads to action execution on behalf of an authenticated user, with impact described as high for integrity and pote...

8.3CVSS6.9AI score0.00346EPSS
CVE
CVE
added 2022/12/23 12:0 a.m.75 views

CVE-2022-4686

CVE-2022-4686 affects the GitHub-hosted project usememos/memos, with versions prior to 0.9.0 vulnerable to an Authorization Bypass via a user-controlled key. The root cause, as described across sources, is improper/authentication-related handling that lets an attacker bypass authorization checks....

9.8CVSS9.2AI score0.00731EPSS
CVE
CVE
added 2022/12/28 12:0 a.m.75 views

CVE-2022-4802

The CVE-2022-4802 entry covers usememos/memos prior to 0.9.1, where an Authorization Bypass Through a User-Controlled Key is reported. Multiple connected sources describe it as Improper Authorization/IDOR-like behavior that could allow bypassing access controls to view, update, or delete shortcut...

9.1CVSS5.8AI score0.00568EPSS
CVE
CVE
added 2022/12/29 12:0 a.m.75 views

CVE-2022-4841

CVE-2022-4841 is a stored Cross-site Scripting (XSS) vulnerability in the open-source project usememos/memos, present in versions prior to 0.9.1. The public descriptions consistently state that user input stored by the application could be reflected in later displays, enabling XSS. The available ...

8.6CVSS5.5AI score0.00601EPSS
CVE
CVE
added 2022/12/29 12:0 a.m.75 views

CVE-2022-4844

CVE-2022-4844 affects usememos/memos prior to 0.9.1. A CSRF vulnerability exists in the web app that could allow an attacker to induce authenticated actions (e.g., creating a HOST user) without user consent. Exploitation details are provided in Huntr’s PoC and related advisories, with remediation...

8.8CVSS7.6AI score0.00308EPSS
CVE
CVE
added 2022/12/29 12:0 a.m.75 views

CVE-2022-4846

CVE-2022-4846 concerns Cross-Site Request Forgery (CSRF) in the open-source memo platform usememos/memos, with affected versions prior to 0.9.1. Multiple connected sources confirm the vulnerability in this GitHub-hosted project and reference similar advisories (GHSA, CNVD/CNNVD, OSV) describing C...

6.5CVSS6.4AI score0.00256EPSS
CVE
CVE
added 2022/12/31 12:0 a.m.75 views

CVE-2022-4865

The CVE-2022-4865 entry concerns a Cross-site Scripting (XSS) vulnerability stored in the GitHub repository usememos/memos prior to version 0.9.1. Affected component is the memos web application; the underlying issue is stored XSS. In the connected documents, the vulnerability is consistently des...

9CVSS8.4AI score0.00991EPSS
CVE
CVE
added 2023/02/15 5:0 a.m.74 views

CVE-2022-25978

CVE-2022-25978 affects all versions of github.com/usememos/memos/server. The root cause is insufficient checks on external resources, allowing attackers to introduce links starting with the javascript: scheme and trigger Cross-site Scripting (XSS). The provided documents consistently describe XSS...

6.1CVSS5.9AI score0.00534EPSS
CVE
CVE
added 2023/01/07 12:0 a.m.74 views

CVE-2023-0110

CVE-2023-0110 is a stored XSS vulnerability in usememos/memos prior to 0.10.0. The issue is described across multiple sources as a stored XSS in the web app, with some references noting that the root cause relates to CSP being too permissive or not sufficiently restrictive. The affected component...

7.1CVSS5.4AI score0.00498EPSS
CVE
CVE
added 2022/12/23 12:0 a.m.73 views

CVE-2022-4687

The CVE-2022-4687 entry concerns usememos/memos prior to version 0.9.0 with an issue described as the incorrect use of privileged APIs in the GitHub repository. The vulnerability is rated HIGH (CVSS ~8.1), with potential high impact on confidentiality and integrity but no availability impact repo...

8.1CVSS8.1AI score0.00633EPSS
CVE
CVE
added 2022/12/29 12:0 a.m.73 views

CVE-2022-4839

CVE-2022-4839 is a stored Cross-site Scripting (XSS) vulnerability in the open-source project usememos/memos , affecting versions prior to 0.9.1. The issue allows injected scripts to run in a victim’s browser when interacting with the affected memos UI. Reported CVSS vectors indicate a MEDIUM (NV...

8CVSS5.5AI score0.00766EPSS
CVE
CVE
added 2022/12/25 12:0 a.m.71 views

CVE-2022-4734

CVE-2022-4734 affects usememos/memos prior to 0.9.1. The root cause is Improper Removal of Sensitive Information Before Storage or Transfer, leading to exposure of user data to an authenticated user. Public sources in the connected documents describe leaks of names, emails, roles, and OpenID to a...

8.1CVSS5.6AI score0.00773EPSS
CVE
CVE
added 2022/12/28 12:0 a.m.71 views

CVE-2022-4804

CVE-2022-4804 affects the open-source project usememos/memos prior to version 0.9.1 . The root cause is described as Improper Authorization in the GitHub repository, with documented implications including the ability to change a victim’s memo visibility (per CNNVD/NVD summaries and OSV/GHSA refer...

8.2CVSS5.7AI score0.0059EPSS
CVE
CVE
added 2022/12/28 12:0 a.m.71 views

CVE-2022-4813

Vulnerability : usememos/memos prior to 0.9.1 has insufficient granularity of access control, enabling an IDOR on archived memos. Root cause : inadequate authorization checks on archive objects. Impact : attacker could delete archived memos (per multiple sources mentioning deletion via IDOR). Aff...

8.6CVSS4.9AI score0.00534EPSS
CVE
CVE
added 2022/12/19 12:0 a.m.70 views

CVE-2022-4609

CVE-2022-4609 affects usememos/memos prior to 0.9.0. It is a stored Cross-site Scripting (XSS) vulnerability in the GitHub repository, allowing attacker-supplied scripts to be stored and executed in the application. Remediation: upgrade to version 0.9.0 or later (patch anticipated in 0.9.0). Some...

7.6CVSS5.4AI score0.00704EPSS
CVE
CVE
added 2022/12/28 12:0 a.m.70 views

CVE-2022-4796

CVE-2022-4796 affects the open source project usememos/memos prior to version 0.9.1. The issue is described as an incorrect use of privileged APIs that allows a user with login permission to delete all notes in the application via the API endpoint https://demo.usememos.com/api/memo/$idnote. This ...

8.1CVSS8.1AI score0.00761EPSS
CVE
CVE
added 2022/12/28 12:0 a.m.69 views

CVE-2022-4799

CVE-2022-4799 affects usememos/memos before 0.9.1. Root cause: Authorization Bypass Through a User-Controlled Key, i.e., improper authentication. Impact: unauthorized access to resources (owners/posts) and, per CNVD, potential IDOR-style actions like deleting posts. Remediation: upgrade to versio...

8.6CVSS6.7AI score0.00762EPSS
CVE
CVE
added 2022/12/28 12:0 a.m.69 views

CVE-2022-4809

CVE-2022-4809 affects the usememos/memos project (GitHub repository) and is caused by improper access control in versions prior to 0.9.1. The vulnerability can allow an attacker to change user properties (username, email, display name), leading to full account takeover as described in multiple so...

8.8CVSS8.6AI score0.00911EPSS
CVE
CVE
added 2022/12/23 12:0 a.m.68 views

CVE-2022-4684

CVE-2022-4684 describes an improper access control vulnerability in the GitHub repository for usememos/memos prior to version 0.9.0. The issue impacts the project’s access boundaries, allowing potential unauthorized access as indicated by the CVE description and corroborating sources. Public refe...

8.8CVSS8.1AI score0.00607EPSS
CVE
CVE
added 2022/12/27 12:0 a.m.68 views

CVE-2022-4767

The CVE-2022-4767 entry concerns a Denial of Service vulnerability in the GitHub repository usememos/memos, affecting versions prior to 0.9.1. The underlying issue is triggered in legacy releases and can impact availability. A patched version is available; remediation is to upgrade to 0.9.1 or la...

7.6CVSS7.4AI score0.00678EPSS
CVE
CVE
added 2022/12/28 12:0 a.m.68 views

CVE-2022-4805

CVE-2022-4805 affects usememos/memos prior to 0.9.1. The root cause is incorrect use of privileged APIs, enabling a user to archive private memos, delete any shortcut, and edit shortcuts from other users via the API. Impact is unauthorized modification/access of sensitive data as described across...

7.3CVSS5AI score0.00507EPSS
CVE
CVE
added 2022/12/28 12:0 a.m.68 views

CVE-2022-4812

CVE-2022-4812 affects the open-source memos project (usememos/memos) prior to v0.9.1, where a user-controlled key enables an authorization bypass. Several connected records corroborate an impact described as unauthorized access that can result in deletion of user resources (IDOR-like behavior), i...

8.6CVSS6.7AI score0.00578EPSS
CVE
CVE
added 2024/04/19 3:14 p.m.68 views

CVE-2024-29028

The CVE-2024-29028 entry concerns the memos service (GitHub project usememos/memos). It documents a Server-Side Request Forgery (SSRF) vulnerability in the API endpoint /o/get/httpmeta in version 0.13.2, allowing unauthenticated users to enumerate the internal network and read limited HTML values...

5.8CVSS5.5AI score0.01049EPSS
In wild
CVE
CVE
added 2022/12/23 12:0 a.m.67 views

CVE-2022-4694

CVE-2022-4694 is a stored cross-site scripting vulnerability in the open-source memo app usememos/memos, affecting versions prior to 0.9.0. The issue arises from unvalidated input being stored and then rendered to other users, enabling script execution in victims’ browsers. Reported as XSS with p...

5.7CVSS5.2AI score0.00539EPSS
CVE
CVE
added 2022/12/28 12:0 a.m.67 views

CVE-2022-4800

The CVE-2022-4800 entry concerns usememos/memos, with versions prior to 0.9.1 vulnerable to improper verification of the source of a communication channel. The issue affects the GitHub repository and is addressed by upgrading to 0.9.1 or later; no explicit exploit details are provided in the conn...

8.6CVSS6.7AI score0.00586EPSS
CVE
CVE
added 2022/12/29 12:0 a.m.67 views

CVE-2022-4840

CVE-2022-4840 : A stored Cross-site Scripting (XSS) vulnerability exists in the GitHub project usememos/memos for versions prior to 0.9.1. The issue is triggered when untrusted user input is included in outputs without proper validation, enabling script injection. The Red Hat/OSV/PT-Security/GHSA...

7.6CVSS5.4AI score0.00652EPSS
CVE
CVE
added 2022/12/23 12:0 a.m.66 views

CVE-2022-4695

CVE-2022-4695 affects usememos/memos prior to version 0.9.0. The issue is described as a Stored Cross-site Scripting (XSS) vulnerability arising from how user input is handled and stored (e.g., when creating a post) and later displayed. Documented impact is XSS with potential interaction required...

7.6CVSS5.4AI score0.00652EPSS
Total number of security vulnerabilities73