Memos Security Vulnerabilities and Issues — Memos CVE List

Lucene search

UsememosMemos

4 matches found

CVE•added 2024/04/19 3:15 p.m.•85 views

CVE-2024-29030

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network. Version 0.22.0 of memos removes the vulnerable file.

5.8CVSS5.4AI score0.00079EPSS

CVE•added 2023/01/07 4:15 a.m.•50 views

CVE-2023-0111

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

5.4CVSS5.2AI score0.00088EPSS

CVE•added 2022/12/27 3:15 p.m.•48 views

CVE-2022-4694

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.

5.7CVSS5.2AI score0.00091EPSS

CVE•added 2024/04/19 3:15 p.m.•41 views

CVE-2024-29028

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1.

5.8CVSS5.5AI score0.00087EPSS