CVE-2026-30586
- EPSS 0.22%
- Published 02.06.2026 00:00:00
- Last modified 04.06.2026 16:18:41
Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZE_SCHEMA, Memo Rendering Component, and Public/Private Memo View pages.
CVE-2026-6634
- EPSS 0.25%
- Published 20.04.2026 11:30:13
- Last modified 29.04.2026 01:00:01
A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_access_token of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes impr...
CVE-2025-65799
- EPSS 0.23%
- Published 08.12.2025 00:00:00
- Last modified 09.12.2025 17:15:32
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.
CVE-2025-65797
- EPSS 0.3%
- Published 08.12.2025 00:00:00
- Last modified 11.12.2025 00:04:16
Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).
CVE-2025-65795
- EPSS 0.27%
- Published 08.12.2025 00:00:00
- Last modified 09.12.2025 17:15:53
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request.
CVE-2025-65796
- EPSS 0.21%
- Published 08.12.2025 00:00:00
- Last modified 09.12.2025 17:45:46
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos.
CVE-2025-65798
- EPSS 0.19%
- Published 08.12.2025 00:00:00
- Last modified 09.12.2025 17:28:13
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users.
CVE-2024-21635
- EPSS 0.25%
- Published 14.11.2025 14:11:38
- Last modified 26.11.2025 16:05:49
Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stays valid instead of expiring. If a user finds that their ac...
CVE-2025-56760
- EPSS 0.32%
- Published 03.09.2025 00:00:00
- Last modified 09.09.2025 18:30:48
When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server.
CVE-2025-56761
- EPSS 0.24%
- Published 03.09.2025 00:00:00
- Last modified 09.09.2025 18:27:28
Memos 0.22 is vulnerable to stored cross-site scripting (XSS) via the upload attachment and user avatar features. Memos does not verify the content type of the uploaded data and serves it back as is. An authenticated attacker can use th...