64 matches found
CVE-2023-4697
Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2.
CVE-2023-4696
Improper Access Control in GitHub repository usememos/memos prior to 0.13.2.
CVE-2023-4698
Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2.
CVE-2023-5036
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1.
CVE-2024-29030
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network. Version 0.22.0 of memos removes the vulnerable file.
CVE-2024-29029
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current s...
CVE-2023-0107
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2022-4866
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4808
Improper Privilege Management in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4848
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4850
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4797
Improper Restriction of Excessive Authentication Attempts in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4851
Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4849
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4863
Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4691
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
CVE-2022-4686
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0.
CVE-2022-4802
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4806
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4839
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4841
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
CVE-2025-22952
elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks.
CVE-2022-4687
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0.
CVE-2022-4803
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
CVE-2023-0110
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2022-4810
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4846
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-25978
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.
CVE-2022-4734
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4865
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
CVE-2024-41659
memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker t...
CVE-2022-4609
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
CVE-2022-4799
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4804
Improper Authorization in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4809
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4684
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.
CVE-2022-4692
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
CVE-2022-4798
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4840
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4845
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4796
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4800
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4813
Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4767
Denial of Service in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4811
Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.This issue affects usememos/memos before 0.9.1.
CVE-2022-4847
Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
CVE-2023-0106
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2022-4695
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
CVE-2022-4844
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
CVE-2023-0111
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.