API Security Blog

Cross-Site Request Forgery (CSRF)

github.com/usememos/memos is vulnerable to cross-site request forgery. An attacker is able to add new members with any role via the `user` API, which allows the attacker to take over the memos application with the `HOST` role.
