📦 Memos
by Usememos
🛡️ Security Overview
⚠️ Known Vulnerabilities
CVE-2025-22952 is a Server-Side Request Forgery (SSRF) vulnerability in elestio memos v0.23.0 that allows attackers to make unauthorized requests from the server to internal or external systems. This ...
CVE-2023-4696 is an improper access control vulnerability in the memos self-hosted note-taking software that allows unauthenticated attackers to bypass authentication and access sensitive data. This a...
This vulnerability allows unauthenticated attackers to create arbitrary user accounts in usememos memos v0.25.2 by exploiting incorrect access control in the /api/v1/user endpoint. Any organization ru...
This vulnerability in Memos note-taking service allows attackers to maintain access to compromised accounts even after users change their passwords. Access tokens created before password changes remai...
This CSRF vulnerability in the memos application allows attackers to trick authenticated users into performing unintended actions by crafting malicious requests. It affects all users running memos ver...
This CVE describes an improper input validation vulnerability in the memos application that allows attackers to inject malicious input through user-controlled parameters. It affects all users running ...
This vulnerability allows attackers with low-level privileges in usememos memos v0.25.2 to modify or delete identity providers, potentially leading to account takeover or denial of service. Any organi...
CVE-2025-65799 is a path traversal vulnerability in usememos memos v0.25.2 that allows attackers to access files outside the intended directory through the Attachment service. This affects all deploym...
CVE-2025-65796 is an improper access control vulnerability in usememos memos v0.25.2 that allows authenticated users with low-level privileges to delete reactions (likes, comments, etc.) on other user...
An incorrect access control vulnerability in usememos memos v0.25.2 allows authenticated users with low-level privileges to modify or delete attachments uploaded by other users. This affects all deplo...
This vulnerability allows attackers to write arbitrary files to the server when Memos 0.22 is configured with local storage. Attackers can exploit the CreateResource endpoint using path traversal sequ...
Memos 0.22 has a stored XSS vulnerability in upload attachment and user avatar features where uploaded content isn't validated before being served back. Authenticated attackers can inject malicious sc...