Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-12-08
Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-08
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-12-08
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-12-08
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-08