Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
UsememosMemos

67 matches found

CVE
CVEadded 2023/01/07 4:15 a.m.51 views

CVE-2023-0111

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

5.4CVSS5.2AI score0.00088EPSS
CVE
CVEadded 2023/01/07 4:15 a.m.51 views

CVE-2023-0112

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

7.6CVSS5.4AI score0.0009EPSS
CVE
CVEadded 2022/12/23 12:15 p.m.50 views

CVE-2022-4690

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.

7.1CVSS5.4AI score0.0013EPSS
CVE
CVEadded 2022/12/27 3:15 p.m.49 views

CVE-2022-4694

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.

5.7CVSS5.2AI score0.00091EPSS
CVE
CVEadded 2022/12/28 2:15 p.m.49 views

CVE-2022-4805

Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.

7.3CVSS5AI score0.00049EPSS
CVE
CVEadded 2022/12/28 2:15 p.m.48 views

CVE-2022-4801

Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.

8.2CVSS5.7AI score0.00088EPSS
CVE
CVEadded 2022/12/23 12:15 p.m.47 views

CVE-2022-4688

Improper Authorization in GitHub repository usememos/memos prior to 0.9.0.

8.8CVSS8.7AI score0.00077EPSS
CVE
CVEadded 2022/12/28 2:15 p.m.47 views

CVE-2022-4807

Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.

8.2CVSS5AI score0.00074EPSS
CVE
CVEadded 2024/11/15 11:15 a.m.47 views

CVE-2023-0109

A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This ...

9.8CVSS6.8AI score0.00102EPSS
CVE
CVEadded 2022/12/28 2:15 p.m.46 views

CVE-2022-4814

Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.

8.6CVSS5AI score0.00087EPSS
CVE
CVEadded 2023/01/07 4:15 a.m.46 views

CVE-2023-0108

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

7.1CVSS5.4AI score0.0008EPSS
CVE
CVEadded 2022/12/23 12:15 p.m.45 views

CVE-2022-4683

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0.

6.5CVSS5.3AI score0.00138EPSS
CVE
CVEadded 2024/04/19 3:15 p.m.45 views

CVE-2024-29028

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1.

5.8CVSS5.5AI score0.08744EPSS
CVE
CVEadded 2022/12/23 12:15 p.m.44 views

CVE-2022-4689

Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.

8.8CVSS8.6AI score0.00073EPSS
CVE
CVEadded 2025/07/29 3:15 p.m.18 views

CVE-2025-50738

The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be explo...

9.8CVSS6.3AI score0.03706EPSS
CVE
CVEadded 6 days ago7 views

CVE-2025-56761

Memos 0.22 is vulnerable to Stored Cross site scripting (XSS) vulnerabilities by the upload attachment and user avatar features. Memos does not verify the content type of the uploaded data and serve it back as is. An authenticated attacker can use this to elevate their privileges when the stored XS...

5.4CVSS5.1AI score0.00029EPSS
CVE
CVEadded 6 days ago5 views

CVE-2025-56760

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server.

4.3CVSS6.5AI score0.00037EPSS
Total number of security vulnerabilities67