CVE Tools

usememos

Enterprise Softwareoss-project

57

Cumulative CVEs

3

Monthly snapshots

#24

Peak rank

Top products

memos4 usememos/memos4

Latest CVEs

The 15 most recently published vulnerabilities affecting usememos.

CVE-2026-6634usememos UpdateInstanceSetting App.tsx memos_access_token improper authorization6.3Apr 20, 2026
CVE-2025-65799A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.4.3Dec 8, 2025
CVE-2025-65798Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users.5.4Dec 8, 2025
CVE-2025-65797Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading...6.5Dec 8, 2025
CVE-2025-65796Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos.4.3Dec 8, 2025
CVE-2025-65795Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request.7.5Dec 8, 2025
CVE-2024-21635Memos Access Tokens Stay Valid after User Password Change7.5Nov 14, 2025
CVE-2025-56761Memos 0.22 is vulnerable to Stored Cross site scripting (XSS) vulnerabilities by the upload attachment and user avatar features. Memos does not verify the content type of the uploaded data and serv...5.4Sep 3, 2025
CVE-2025-56760When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write...4.3Sep 3, 2025
CVE-2025-50738The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches...9.8Jul 29, 2025
CVE-2025-22952elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks.9.8Feb 27, 2025
CVE-2023-0109Stored XSS in usememos/memos5.4Nov 15, 2024
CVE-2024-41659GHSL-2024-034: memos CORS Misconfiguration in server.go8.1Aug 20, 2024
CVE-2024-29029memos vulnerable to an SSRF in /o/get/image6.1Apr 19, 2024
CVE-2024-29028memos vulnerable to an SSRF in /o/get/httpmeta5.8Apr 19, 2024