Filtered by vendor Usememos
Subscriptions
Total
59 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-41659 | 1 Usememos | 1 Memos | 2024-08-22 | 8.1 High |
memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker to read private information or make privileged changes to the system as the vulnerable user account. This vulnerability is fixed in 0.21.0. | ||||
CVE-2022-25978 | 1 Usememos | 1 Memos | 2024-08-03 | 5.4 Medium |
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme. | ||||
CVE-2022-4845 | 1 Usememos | 1 Memos | 2024-08-03 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | ||||
CVE-2022-4863 | 1 Usememos | 1 Memos | 2024-08-03 | 6.5 Medium |
Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1. | ||||
CVE-2022-4866 | 1 Usememos | 1 Memos | 2024-08-03 | 9.0 Critical |
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. | ||||
CVE-2022-4841 | 1 Usememos | 1 Memos | 2024-08-03 | 5.4 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. | ||||
CVE-2022-4849 | 1 Usememos | 1 Memos | 2024-08-03 | 6.5 Medium |
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | ||||
CVE-2022-4847 | 1 Usememos | 1 Memos | 2024-08-03 | 6.5 Medium |
Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. | ||||
CVE-2022-4851 | 1 Usememos | 1 Memos | 2024-08-03 | 5.3 Medium |
Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1. | ||||
CVE-2022-4850 | 1 Usememos | 1 Memos | 2024-08-03 | 6.5 Medium |
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | ||||
CVE-2022-4844 | 1 Usememos | 1 Memos | 2024-08-03 | 8.8 High |
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | ||||
CVE-2022-4840 | 1 Usememos | 1 Memos | 2024-08-03 | 5.4 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. | ||||
CVE-2022-4865 | 1 Usememos | 1 Memos | 2024-08-03 | 9.0 Critical |
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. | ||||
CVE-2022-4846 | 1 Usememos | 1 Memos | 2024-08-03 | 6.5 Medium |
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | ||||
CVE-2022-4848 | 1 Usememos | 1 Memos | 2024-08-03 | 5.7 Medium |
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. | ||||
CVE-2022-4839 | 1 Usememos | 1 Memos | 2024-08-03 | 5.4 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. | ||||
CVE-2022-4811 | 1 Usememos | 1 Memos | 2024-08-03 | 8.3 High |
Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.This issue affects usememos/memos before 0.9.1. | ||||
CVE-2022-4803 | 1 Usememos | 1 Memos | 2024-08-03 | 8.8 High |
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | ||||
CVE-2022-4807 | 1 Usememos | 1 Memos | 2024-08-03 | 4.3 Medium |
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | ||||
CVE-2022-4810 | 1 Usememos | 1 Memos | 2024-08-03 | 4.3 Medium |
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. |