Known Vulnerabilities for products from Usememos
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Usememos".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-30586 json | Not Provided | 2026-06-02 | 2026-06-03 | |
| CVE-2026-6634 json | Not Provided | 2026-04-20 | 2026-04-20 | |
| CVE-2025-65799 json | A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execut... | Not Provided | 2025-12-08 | 2026-07-05 |
| CVE-2025-65798 json | Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete... | Not Provided | 2025-12-08 | 2026-07-05 |
| CVE-2025-65797 json | Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privilege... | Not Provided | 2025-12-08 | 2026-07-05 |
| CVE-2025-65796 json | Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions... | Not Provided | 2025-12-08 | 2026-07-05 |
| CVE-2025-65795 json | Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbit... | Not Provided | 2025-12-08 | 2026-07-05 |
| CVE-2023-5036 json | Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1. | 8.8 - HIGH | 2023-09-18 | 2023-09-19 |
| CVE-2023-4698 json | Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2. | 7.5 - HIGH | 2023-09-01 | 2023-09-01 |
| CVE-2023-4697 json | Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2. | 8.8 - HIGH | 2023-09-01 | 2023-09-01 |
| CVE-2023-4696 json | Improper Access Control in GitHub repository usememos/memos prior to 0.13.2. | 9.8 - CRITICAL | 2023-09-01 | 2023-09-01 |
| CVE-2023-0112 json | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | 5.4 - MEDIUM | 2023-01-07 | 2023-01-12 |
| CVE-2023-0111 json | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | 5.4 - MEDIUM | 2023-01-07 | 2023-01-12 |
| CVE-2023-0110 json | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | 5.4 - MEDIUM | 2023-01-07 | 2023-01-12 |
| CVE-2023-0108 json | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | 5.4 - MEDIUM | 2023-01-07 | 2023-01-12 |
| CVE-2023-0107 json | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | 5.4 - MEDIUM | 2023-01-07 | 2023-01-12 |
| CVE-2023-0106 json | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | 5.4 - MEDIUM | 2023-01-07 | 2023-01-12 |
| CVE-2022-25978 json | All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient... | 6.1 - MEDIUM | 2023-02-15 | 2023-11-07 |
| CVE-2022-4866 json | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. | 9 - CRITICAL | 2022-12-31 | 2023-01-06 |
| CVE-2022-4865 json | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. | 9 - CRITICAL | 2022-12-31 | 2023-01-06 |