VYPR
Vendor: Usememos

Products: 1
CVEs: 11
Across products: 11
Status: Private

Recent CVEs (11)

  • CVE-2026-30586 | Med | Jun 2, 2026
    risk 0.33 | cvss 6.1 | epss 0.00

    Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZE_SCHEMA, Memo Rendering Component, and Public/Private Memo View pages

  • CVE-2025-65797 | Dec 8, 2025
    risk 0.00 | cvss | epss 0.00

    Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).

  • CVE-2025-65799 | Dec 8, 2025
    risk 0.00 | cvss | epss 0.00

    A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.

  • CVE-2025-65796 | Dec 8, 2025
    risk 0.00 | cvss | epss 0.00

    Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos.

  • CVE-2025-65795 | Dec 8, 2025
    risk 0.00 | cvss | epss 0.00

    Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request.

  • CVE-2025-65798 | Dec 8, 2025
    risk 0.00 | cvss | epss 0.00

    Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users.

  • CVE-2024-21635 | Nov 14, 2025
    risk 0.00 | cvss | epss 0.00

    Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stays valid instead of expiring. If a user finds that their account has been compromised,…

  • CVE-2024-41659 | Aug 20, 2024
    risk 0.00 | cvss | epss 0.01

    memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request,…

  • CVE-2024-29029 | Apr 19, 2024
    risk 0.00 | cvss | epss 0.01

    memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the…

  • CVE-2024-29028 | Apr 19, 2024
    risk 0.00 | cvss | epss 0.01

    memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1.

  • CVE-2024-29030 | Apr 19, 2024
    risk 0.00 | cvss | epss 0.01

    memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network. Version 0.22.0 of memos removes the vulnerable file.