Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Usememos Subscribe
Total 53 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-25978 1 Usememos 1 Memos 2025-03-18 N/A 5.4 MEDIUM
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.
CVE-2024-29029 1 Usememos 1 Memos 2025-01-02 N/A 6.1 MEDIUM
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. Version 0.22.0 of memos removes the vulnerable file.
CVE-2023-5036 1 Usememos 1 Memos 2024-11-21 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1.
CVE-2023-4698 1 Usememos 1 Memos 2024-11-21 N/A 7.5 HIGH
Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2.
CVE-2023-4697 1 Usememos 1 Memos 2024-11-21 N/A 8.8 HIGH
Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2.
CVE-2023-4696 1 Usememos 1 Memos 2024-11-21 N/A 9.8 CRITICAL
Improper Access Control in GitHub repository usememos/memos prior to 0.13.2.
CVE-2023-0112 1 Usememos 1 Memos 2024-11-21 N/A 5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2023-0111 1 Usememos 1 Memos 2024-11-21 N/A 5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2023-0110 1 Usememos 1 Memos 2024-11-21 N/A 5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2023-0108 1 Usememos 1 Memos 2024-11-21 N/A 5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2023-0107 1 Usememos 1 Memos 2024-11-21 N/A 5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2023-0106 1 Usememos 1 Memos 2024-11-21 N/A 5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2022-4866 1 Usememos 1 Memos 2024-11-21 N/A 9.0 CRITICAL
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4865 1 Usememos 1 Memos 2024-11-21 N/A 9.0 CRITICAL
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4863 1 Usememos 1 Memos 2024-11-21 N/A 6.5 MEDIUM
Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4851 1 Usememos 1 Memos 2024-11-21 N/A 5.3 MEDIUM
Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4850 1 Usememos 1 Memos 2024-11-21 N/A 6.5 MEDIUM
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4849 1 Usememos 1 Memos 2024-11-21 N/A 6.5 MEDIUM
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4848 1 Usememos 1 Memos 2024-11-21 N/A 5.7 MEDIUM
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4847 1 Usememos 1 Memos 2024-11-21 N/A 6.5 MEDIUM
Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.