All 6 CVE vulnerabilities found in memos, with AI-generated Chinese analysis, references, and POCs.
Vendor: usememos
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6634 | usememos UpdateInstanceSetting App.tsx memos_access_token improper authorization CWE-285 | 6.3 | Medium | 2026-04-20 |
| CVE-2024-21635 | Memos Access Tokens Stay Valid after User Password Change CWE-287 | 8.0 | - | 2025-11-14 |
| CVE-2024-41659 | GHSL-2024-034: memos CORS Misconfiguration in server.go CWE-942 | 8.1 | High | 2024-08-20 |
| CVE-2024-29029 | memos vulnerable to an SSRF in /o/get/image CWE-918 | 6.1 | Medium | 2024-04-19 |
| CVE-2024-29028 | memos vulnerable to an SSRF in /o/get/httpmeta CWE-918 | 5.8 | Medium | 2024-04-19 |
| CVE-2024-29030 | memos vulnerable to an SSRF in /api/resource CWE-918 | 5.8 | Medium | 2024-04-19 |
All 6 known CVE vulnerabilities affecting memos with full Chinese analysis, references, and POCs where available.