EPSS
Percentile
21.8%
github.com/usememos/memos is vulnerable to privilege escalation. Incorrect use of privileged APIs due to insecure direct object references allows an attacker to archive private memos and delete/edit shortcuts on the user’s behalf.
github.com/advisories/GHSA-mq5q-gpgv-pwxw
github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
github.com/usememos/memos/pull/870
huntr.dev/bounties/b03f6a9b-e49b-42d6-a318-1d7afd985873
huntr.dev/bounties/b03f6a9b-e49b-42d6-a318-1d7afd985873/