github.com/usememos/memos is vulnerable to cross-site request forgery. An attacker is able to add new members, via `user` API by exploiting the CSRF issue.Read More