73 matches found
CVE-2023-4697
CVE-2023-4697 affects the open-source project memos (GitHub: usememos/memos) prior to version 0.13.2. The root cause is improper privilege management within the application, leading to likely privilege escalation. The CVSS base metrics indicate HIGH impact to confidentiality, integrity, and avail...
CVE-2023-4696
CVE-2023-4696 — Affected: usememos/memos before version 0.13.2. Root cause: improper access control in the GitHub-hosted project. Impact: high/critical confidentiality, integrity, and availability risk per CVSS (NVD 3.1: 9.8; CRITICAL). Exploitation details are not provided in the connected docs....
CVE-2023-4698
CVE-2023-4698 affects usememos/memos prior to 0.13.2. The connected exploit doc describes a Local File Inclusion (LFI) via an inadequate validation of InternalPath, enabling access to server files (post-auth or remote code execution risks are implied by LFI in the blog). Public advisories consist...
CVE-2023-5036
CVE-2023-5036: CSRF in the usememos/memos GitHub project prior to version 0.15.1. The vulnerability affects the getimage endpoint and is triggered by a user interaction in authenticated contexts; no explicit exploit details are provided in the initial documents, but multiple sources corroborate a...
CVE-2024-29029
Memos: CVE-2024-29029 describes an SSRF flaw at the /o/get/image endpoint in memos 0.13.2 that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is echoed into the current server response, enabling a reflected XSS. The vulnerab...
CVE-2024-29030
CVE-2024-29030 : The memos project (github.com/usememos/memos) has a reported SSRF in the /api/resource endpoint affecting version 0.13.2. Authenticated users could enumerate internal network resources via this endpoint. The Nuclei template and Red Hat/OSV/NVD references corroborate this SSRF iss...
CVE-2025-22952
Elestio Memos (v0.23.0) is affected by CVE-2025-22952: a Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs. The Nuclei template confirms the issue as applicable to MEMOS versions up to 0.24.0 and notes that unauthenticated attackers can exploit SSRF to access...
CVE-2023-0107
CVE-2023-0107 affects the open-source memos project (usememos/memos) prior to version 0.10.0. The issue is a stored Cross-site Scripting (XSS) vulnerability stemming from the markup editor that can allow injected scripts in stored content. A fix is available by upgrading to version 0.10.0 or late...
CVE-2022-4866
The CVE-2022-4866 entry concerns the open-source project usememos/memos, where a Stored Cross-site Scripting (XSS) vulnerability affects versions prior to 0.9.1. The vulnerability is described as XSS stored in the application (no specific exploit vector details provided in the documents). Support...
CVE-2022-4850
The CVE-2022-4850 entry describes a Cross-Site Request Forgery (CSRF) in the GitHub repository usememos/memos for versions prior to 0.9.1. Affected software: usememos/memos (pre-0.9.1). The underlying issue is CSRF that could enable an attacker to cause unintended actions on behalf of an authenti...
CVE-2022-4806
CVE-2022-4806 affects usememos/memos before version 0.9.1. The connected records describe an improper access control/authorization bypass via a user-controlled key in the GitHub repository, enabling an IDOR-style exposure of memos. Reported impact includes unauthorized access to others’ public an...
CVE-2022-4848
CVE-2022-4848 affects usememos/memos prior to 0.9.1. Root cause: improper verification of the source of a communication channel in the GitHub repository usememos/memos. Documented impact is an improper verification vulnerability; no exploit specifics are provided in the supplied sources. Remediat...
CVE-2022-4863
The CVE-2022-4863 entry concerns usememos/memos prior to version 0.9.1, with the root cause described as Improper Handling of Insufficient Permissions or Privileges in the GitHub repository usememos/memos. Public sources in the connected data indicate impact on confidentiality/integrity/availabil...
CVE-2022-4691
CVE-2022-4691 affects usememos/memos prior to 0.9.0. The vulnerability is a stored Cross-site Scripting (XSS) issue in the application’s handling of user input (notably tied to content uploaded/ displayed by the app), allowing injected scripts to run in a victim’s browser. Root cause: input is st...
CVE-2022-4797
CVE-2022-4797 affects usememos/memos prior to v0.9.1. The root cause is improper restriction of excessive authentication attempts, enabling brute-force access to post deletion by guessing post IDs. Consequences include potential deletion of other users’ posts (high impact per linked advisories). ...
CVE-2022-4851
The CVE-2022-4851 entry refers to usememos/memos prior to version 0.9.1, with the root cause described as improper handling of values. The vulnerability allows an attacker to post malicious content to another user’s memos page via a POST request. Public details across connected documents confirm ...
CVE-2022-4692
CVE-2022-4692 affects usememos/memos prior to 0.9.0, with a stored XSS flaw in the application’s handling of user input (notably via its Resource component and SVG uploads). The vulnerability is documented across multiple sources (NVD/Red Hat OSV, GHSA, CNNVD, CVE lists) as a Cross-site Scripting...
CVE-2022-4808
CVE-2022-4808 affects the GitHub repository usememos/memos, specifically versions prior to 0.9.1. The connected sources uniformly describe an Improper Privilege Management vulnerability that can allow an attacker to manipulate user roles, with some entries citing the potential to assign a HOST ro...
CVE-2022-4811
The CVE-2022-4811 vulnerability concerns usememos/memos. It is an Authorization Bypass Through User-Controlled Key that allows an unauthorized user to access private memos by manipulating the URL. This affects versions prior to 0.9.1. The issue is documented across multiple sources (including Red...
CVE-2022-4798
CVE-2022-4798 affects usememos/memos versions prior to 0.9.1. The issue is an Authorization Bypass Through a User-Controlled Key (Improper Authorization) that could enable unauthorized access or actions such as potential API reset (per reported sources). Affected component is the memo platform’s ...
CVE-2022-4803
CVE-2022-4803 affects the GitHub repository usememos/memos, prior to version 0.9.1. The issue is an authorization bypass through a user-controlled key, caused by improper access control. The result is potential exposure or manipulation of user resources. Public data in connected documents confirm...
CVE-2022-4810
The CVE-2022-4810 case concerns usememos/memos prior to version 0.9.1 with an improper access control flaw exposed via the API, allowing a user to view private memos from other users. Root cause: insufficient authorization checks on private memo access. Impact: confidentiality of private memo con...
CVE-2024-41659
The CVE-2024-41659 issue affects memos (server.go) where a CORS misconfiguration in version
CVE-2022-4849
CVE-2022-4849 describes a Cross-Site Request Forgery (CSRF) in the GitHub repository usememos/memos prior to version 0.9.1. The vulnerability affects the public project code path and leads to action execution on behalf of an authenticated user, with impact described as high for integrity and pote...
CVE-2022-4686
CVE-2022-4686 affects the GitHub-hosted project usememos/memos, with versions prior to 0.9.0 vulnerable to an Authorization Bypass via a user-controlled key. The root cause, as described across sources, is improper/authentication-related handling that lets an attacker bypass authorization checks....
CVE-2022-4802
The CVE-2022-4802 entry covers usememos/memos prior to 0.9.1, where an Authorization Bypass Through a User-Controlled Key is reported. Multiple connected sources describe it as Improper Authorization/IDOR-like behavior that could allow bypassing access controls to view, update, or delete shortcut...
CVE-2022-4841
CVE-2022-4841 is a stored Cross-site Scripting (XSS) vulnerability in the open-source project usememos/memos, present in versions prior to 0.9.1. The public descriptions consistently state that user input stored by the application could be reflected in later displays, enabling XSS. The available ...
CVE-2022-4844
CVE-2022-4844 affects usememos/memos prior to 0.9.1. A CSRF vulnerability exists in the web app that could allow an attacker to induce authenticated actions (e.g., creating a HOST user) without user consent. Exploitation details are provided in Huntr’s PoC and related advisories, with remediation...
CVE-2022-4846
CVE-2022-4846 concerns Cross-Site Request Forgery (CSRF) in the open-source memo platform usememos/memos, with affected versions prior to 0.9.1. Multiple connected sources confirm the vulnerability in this GitHub-hosted project and reference similar advisories (GHSA, CNVD/CNNVD, OSV) describing C...
CVE-2022-4865
The CVE-2022-4865 entry concerns a Cross-site Scripting (XSS) vulnerability stored in the GitHub repository usememos/memos prior to version 0.9.1. Affected component is the memos web application; the underlying issue is stored XSS. In the connected documents, the vulnerability is consistently des...
CVE-2022-25978
CVE-2022-25978 affects all versions of github.com/usememos/memos/server. The root cause is insufficient checks on external resources, allowing attackers to introduce links starting with the javascript: scheme and trigger Cross-site Scripting (XSS). The provided documents consistently describe XSS...
CVE-2023-0110
CVE-2023-0110 is a stored XSS vulnerability in usememos/memos prior to 0.10.0. The issue is described across multiple sources as a stored XSS in the web app, with some references noting that the root cause relates to CSP being too permissive or not sufficiently restrictive. The affected component...
CVE-2022-4687
The CVE-2022-4687 entry concerns usememos/memos prior to version 0.9.0 with an issue described as the incorrect use of privileged APIs in the GitHub repository. The vulnerability is rated HIGH (CVSS ~8.1), with potential high impact on confidentiality and integrity but no availability impact repo...
CVE-2022-4839
CVE-2022-4839 is a stored Cross-site Scripting (XSS) vulnerability in the open-source project usememos/memos , affecting versions prior to 0.9.1. The issue allows injected scripts to run in a victim’s browser when interacting with the affected memos UI. Reported CVSS vectors indicate a MEDIUM (NV...
CVE-2022-4734
CVE-2022-4734 affects usememos/memos prior to 0.9.1. The root cause is Improper Removal of Sensitive Information Before Storage or Transfer, leading to exposure of user data to an authenticated user. Public sources in the connected documents describe leaks of names, emails, roles, and OpenID to a...
CVE-2022-4804
CVE-2022-4804 affects the open-source project usememos/memos prior to version 0.9.1 . The root cause is described as Improper Authorization in the GitHub repository, with documented implications including the ability to change a victim’s memo visibility (per CNNVD/NVD summaries and OSV/GHSA refer...
CVE-2022-4813
Vulnerability : usememos/memos prior to 0.9.1 has insufficient granularity of access control, enabling an IDOR on archived memos. Root cause : inadequate authorization checks on archive objects. Impact : attacker could delete archived memos (per multiple sources mentioning deletion via IDOR). Aff...
CVE-2022-4609
CVE-2022-4609 affects usememos/memos prior to 0.9.0. It is a stored Cross-site Scripting (XSS) vulnerability in the GitHub repository, allowing attacker-supplied scripts to be stored and executed in the application. Remediation: upgrade to version 0.9.0 or later (patch anticipated in 0.9.0). Some...
CVE-2022-4796
CVE-2022-4796 affects the open source project usememos/memos prior to version 0.9.1. The issue is described as an incorrect use of privileged APIs that allows a user with login permission to delete all notes in the application via the API endpoint https://demo.usememos.com/api/memo/$idnote. This ...
CVE-2022-4799
CVE-2022-4799 affects usememos/memos before 0.9.1. Root cause: Authorization Bypass Through a User-Controlled Key, i.e., improper authentication. Impact: unauthorized access to resources (owners/posts) and, per CNVD, potential IDOR-style actions like deleting posts. Remediation: upgrade to versio...
CVE-2022-4809
CVE-2022-4809 affects the usememos/memos project (GitHub repository) and is caused by improper access control in versions prior to 0.9.1. The vulnerability can allow an attacker to change user properties (username, email, display name), leading to full account takeover as described in multiple so...
CVE-2022-4684
CVE-2022-4684 describes an improper access control vulnerability in the GitHub repository for usememos/memos prior to version 0.9.0. The issue impacts the project’s access boundaries, allowing potential unauthorized access as indicated by the CVE description and corroborating sources. Public refe...
CVE-2022-4767
The CVE-2022-4767 entry concerns a Denial of Service vulnerability in the GitHub repository usememos/memos, affecting versions prior to 0.9.1. The underlying issue is triggered in legacy releases and can impact availability. A patched version is available; remediation is to upgrade to 0.9.1 or la...
CVE-2022-4805
CVE-2022-4805 affects usememos/memos prior to 0.9.1. The root cause is incorrect use of privileged APIs, enabling a user to archive private memos, delete any shortcut, and edit shortcuts from other users via the API. Impact is unauthorized modification/access of sensitive data as described across...
CVE-2022-4812
CVE-2022-4812 affects the open-source memos project (usememos/memos) prior to v0.9.1, where a user-controlled key enables an authorization bypass. Several connected records corroborate an impact described as unauthorized access that can result in deletion of user resources (IDOR-like behavior), i...
CVE-2024-29028
The CVE-2024-29028 entry concerns the memos service (GitHub project usememos/memos). It documents a Server-Side Request Forgery (SSRF) vulnerability in the API endpoint /o/get/httpmeta in version 0.13.2, allowing unauthenticated users to enumerate the internal network and read limited HTML values...
CVE-2022-4694
CVE-2022-4694 is a stored cross-site scripting vulnerability in the open-source memo app usememos/memos, affecting versions prior to 0.9.0. The issue arises from unvalidated input being stored and then rendered to other users, enabling script execution in victims’ browsers. Reported as XSS with p...
CVE-2022-4800
The CVE-2022-4800 entry concerns usememos/memos, with versions prior to 0.9.1 vulnerable to improper verification of the source of a communication channel. The issue affects the GitHub repository and is addressed by upgrading to 0.9.1 or later; no explicit exploit details are provided in the conn...
CVE-2022-4840
CVE-2022-4840 : A stored Cross-site Scripting (XSS) vulnerability exists in the GitHub project usememos/memos for versions prior to 0.9.1. The issue is triggered when untrusted user input is included in outputs without proper validation, enabling script injection. The Red Hat/OSV/PT-Security/GHSA...
CVE-2022-4695
CVE-2022-4695 affects usememos/memos prior to version 0.9.0. The issue is described as a Stored Cross-site Scripting (XSS) vulnerability arising from how user input is handled and stored (e.g., when creating a post) and later displayed. Documented impact is XSS with potential interaction required...