Skip to main content

Memos

71 CVEs product

Monthly

CVE-2026-6634 Go LOW POC Monitor

Improper authorization in usememos memos up to version 0.22.1 allows authenticated remote attackers to bypass access controls via manipulation of additionalStyle and additionalScript arguments in the UpdateInstanceSetting component, potentially leading to unauthorized information disclosure, modification, and service disruption. The vulnerability has publicly available exploit code and affects the memos_access_token function in src/App.tsx. The vendor did not respond to early disclosure efforts.

Authentication Bypass Memos
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-65799 Go MEDIUM POC PATCH This Month

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.

Path Traversal Memos
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-65797 Go MEDIUM POC PATCH This Month

Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).

Authentication Bypass Denial Of Service Memos
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-65795 Go HIGH POC PATCH This Week

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-65798 Go MEDIUM POC PATCH This Month

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-65796 Go MEDIUM POC PATCH This Month

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-21635 Go HIGH POC PATCH This Month

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Memos
NVD GitHub
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-56761 Go MEDIUM POC PATCH This Month

Memos 0.22 is vulnerable to Stored Cross site scripting (XSS) vulnerabilities by the upload attachment and user avatar features. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Memos Suse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-56760 Go MEDIUM POC PATCH This Month

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Memos Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-22952 Go CRITICAL POC PATCH THREAT Act Now

elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.0%.

SSRF Memos Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
35.0%
Threat
4.5
CVE-2024-41659 Go HIGH POC PATCH This Week

memos is a privacy-first, lightweight note-taking service. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Cors Misconfiguration Memos
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-29029 Go MEDIUM POC PATCH This Month

memos is a privacy-first, lightweight note-taking service. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF XSS Memos
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2024-29030 Go MEDIUM POC PATCH This Month

memos is a privacy-first, lightweight note-taking service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Memos
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2024-29028 Go MEDIUM POC PATCH This Month

memos is a privacy-first, lightweight note-taking service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Memos
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-5036 Go HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Memos
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-4698 Go HIGH POC PATCH This Week

Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-4697 Go HIGH POC PATCH This Week

Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Memos
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-4696 Go CRITICAL PATCH Act Now

Improper Access Control in GitHub repository usememos/memos prior to 0.13.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-0112 Go MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0111 Go MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0110 Go MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0108 Go MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0107 Go MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0106 Go MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-4866 Go CRITICAL POC PATCH Act Now

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
9.0
EPSS
1.0%
CVE-2022-4865 Go CRITICAL POC PATCH Act Now

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
9.0
EPSS
1.0%
CVE-2022-4863 Go MEDIUM POC PATCH This Month

Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-4851 Go MEDIUM POC PATCH This Month

Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-4850 Go MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Memos
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-4849 Go MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Memos
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-4848 Go MEDIUM POC PATCH This Month

Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
CVSS 3.1
5.7
EPSS
0.5%
CVE-2022-4847 Go MEDIUM POC PATCH This Month

Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-4846 Go MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Memos
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-4845 Go MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Memos
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-4844 Go HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Memos
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-4841 Go MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-4840 Go MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-4839 Go MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-4814 Go MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-4813 Go MEDIUM POC PATCH This Month

Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-4812 Go MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-4811 Go MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.9.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-4810 Go MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-4809 Go HIGH POC PATCH This Week

Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-4808 Go HIGH POC PATCH This Week

Improper Privilege Management in GitHub repository usememos/memos prior to 0.9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Memos
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-4807 Go MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-4806 Go MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-4805 Go MEDIUM POC PATCH This Month

Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-4804 Go MEDIUM POC PATCH This Month

Improper Authorization in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-4803 Go HIGH POC PATCH This Week

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-4802 Go MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-4801 Go MEDIUM POC PATCH This Month

Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-4800 Go MEDIUM POC PATCH This Month

Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-4799 Go MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-4798 Go MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-4797 Go MEDIUM POC PATCH This Month

Improper Restriction of Excessive Authentication Attempts in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-4796 Go HIGH POC PATCH This Week

Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-4767 Go HIGH POC PATCH This Week

Denial of Service in GitHub repository usememos/memos prior to 0.9.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memos
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-4734 Go MEDIUM POC PATCH This Month

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-4695 Go MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-4694 Go MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-4691 Go MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-4692 Go MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-4690 Go MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-4689 Go HIGH POC PATCH This Week

Improper Access Control in GitHub repository usememos/memos prior to 0.9.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-4688 Go HIGH POC PATCH This Week

Improper Authorization in GitHub repository usememos/memos prior to 0.9.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-4687 Go HIGH POC PATCH This Week

Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-4686 Go CRITICAL POC PATCH Act Now

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-4684 Go HIGH POC PATCH This Week

Improper Access Control in GitHub repository usememos/memos prior to 0.9.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-4683 Go MEDIUM POC PATCH This Month

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-4609 Go MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
EPSS 0% CVSS 2.1
LOW POC Monitor

Improper authorization in usememos memos up to version 0.22.1 allows authenticated remote attackers to bypass access controls via manipulation of additionalStyle and additionalScript arguments in the UpdateInstanceSetting component, potentially leading to unauthorized information disclosure, modification, and service disruption. The vulnerability has publicly available exploit code and affects the memos_access_token function in src/App.tsx. The vendor did not respond to early disclosure efforts.

Authentication Bypass Memos
NVD VulDB GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.

Path Traversal Memos
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).

Authentication Bypass Denial Of Service Memos
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request.

Authentication Bypass Memos
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users.

Authentication Bypass Memos
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos.

Authentication Bypass Memos
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC PATCH This Month

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Memos
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Memos 0.22 is vulnerable to Stored Cross site scripting (XSS) vulnerabilities by the upload attachment and user avatar features. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Memos Suse
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Memos Suse
NVD GitHub
EPSS 35% 4.5 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.0%.

SSRF Memos Suse
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

memos is a privacy-first, lightweight note-taking service. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Cors Misconfiguration Memos
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

memos is a privacy-first, lightweight note-taking service. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF XSS Memos
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

memos is a privacy-first, lightweight note-taking service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Memos
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

memos is a privacy-first, lightweight note-taking service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Memos
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Memos
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Memos
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Improper Access Control in GitHub repository usememos/memos prior to 0.13.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Memos
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
EPSS 1% CVSS 9.0
CRITICAL POC PATCH Act Now

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
EPSS 1% CVSS 9.0
CRITICAL POC PATCH Act Now

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Memos
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Memos
NVD GitHub
EPSS 1% CVSS 5.7
MEDIUM POC PATCH This Month

Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Memos
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Memos
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Memos
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.9.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Improper Privilege Management in GitHub repository usememos/memos prior to 0.9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Memos
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

Improper Authorization in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Improper Restriction of Excessive Authentication Attempts in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Denial of Service in GitHub repository usememos/memos prior to 0.9.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memos
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Improper Access Control in GitHub repository usememos/memos prior to 0.9.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Improper Authorization in GitHub repository usememos/memos prior to 0.9.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Improper Access Control in GitHub repository usememos/memos prior to 0.9.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy