| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6634 | usememos UpdateInstanceSetting App.tsx memos_access_token improper authorization | usememos | memos | Medium | 6.3 | 2026-04-20 11:30:14 | Deep Dive |
| CVE-2024-21635 | Memos Access Tokens Stay Valid after User Password Change | usememos | memos | 中危 | - | 2025-11-14 14:11:38 | Deep Dive |
| CVE-2023-0109 | Stored XSS in usememos/memos | usememos | usememos/memos | - | - | 2024-11-15 10:57:22 | Deep Dive |
| CVE-2024-41659 | GHSL-2024-034: memos CORS Misconfiguration in server.go | usememos | memos | High | 8.1 | 2024-08-20 19:54:08 | Deep Dive |
| CVE-2024-29029 | memos vulnerable to an SSRF in /o/get/image | usememos | memos | Medium | 6.1 | 2024-04-19 15:14:10 | Deep Dive |
| CVE-2024-29028 | memos vulnerable to an SSRF in /o/get/httpmeta | usememos | memos | Medium | 5.8 | 2024-04-19 15:14:03 | Deep Dive |
| CVE-2024-29030 | memos vulnerable to an SSRF in /api/resource | usememos | memos | Medium | 5.8 | 2024-04-19 15:14:00 | Deep Dive |
| CVE-2023-5036 | Cross-Site Request Forgery (CSRF) in usememos/memos | usememos | usememos/memos | 高危 | - | 2023-09-18 05:46:45 | Deep Dive |
| CVE-2023-4697 | Improper Privilege Management in usememos/memos | usememos | usememos/memos | 高危 | - | 2023-09-01 00:00:21 | Deep Dive |
| CVE-2023-4696 | Improper Access Control in usememos/memos | usememos | usememos/memos | 超危 | - | 2023-09-01 00:00:20 | Deep Dive |
| CVE-2023-4698 | Improper Input Validation in usememos/memos | usememos | usememos/memos | 高危 | - | 2023-09-01 00:00:20 | Deep Dive |
| CVE-2022-25978 | memos 跨站脚本漏洞 | - | github.com/usememos/memos/server | Medium | 5.4 | 2023-02-15 05:00:01 | Deep Dive |
| CVE-2023-0110 | Cross-site Scripting (XSS) - Stored in usememos/memos | usememos | usememos/memos | 中危 | - | 2023-01-07 00:00:00 | Deep Dive |
| CVE-2023-0112 | Cross-site Scripting (XSS) - Stored in usememos/memos | usememos | usememos/memos | 中危 | - | 2023-01-07 00:00:00 | Deep Dive |
| CVE-2023-0108 | Cross-site Scripting (XSS) - Stored in usememos/memos | usememos | usememos/memos | 中危 | - | 2023-01-07 00:00:00 | Deep Dive |
| CVE-2023-0107 | Cross-site Scripting (XSS) - Stored in usememos/memos | usememos | usememos/memos | 中危 | - | 2023-01-07 00:00:00 | Deep Dive |
| CVE-2023-0106 | Cross-site Scripting (XSS) - Stored in usememos/memos | usememos | usememos/memos | 中危 | - | 2023-01-07 00:00:00 | Deep Dive |
| CVE-2023-0111 | Cross-site Scripting (XSS) - Stored in usememos/memos | usememos | usememos/memos | 中危 | - | 2023-01-07 00:00:00 | Deep Dive |
| CVE-2022-4865 | Cross-site Scripting (XSS) - Stored in usememos/memos | usememos | usememos/memos | 超危 | - | 2022-12-31 00:00:00 | Deep Dive |
| CVE-2022-4866 | Cross-site Scripting (XSS) - Stored in usememos/memos | usememos | usememos/memos | 超危 | - | 2022-12-31 00:00:00 | Deep Dive |