github.com/usememos/memos is vulnerable to information disclosure. A remote authenticated attacker is able to gain access to confidential user details via the `api/status` endpoint, which returns emai ...
January 04, 2023
Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e devices are vulnerable to Stored Cross-Site Scripting (XSS).
January 04, 2023
github.com/usememos/memos is vulnerable to insecure direct object references. Improper Authorization due to insecure direct object references allows an attacker to trigger the `Reset` API on user's beh ...
January 04, 2023
github.com/usememos/memos is vulnerable to improper authentication. The vulnerability allows a remote attacker to use the `Reset` API on any user without consent via IDOR.
January 04, 2023
github.com/usememos/memos is vulnerable to cross-site request forgery. An attacker is able to add new members, via `user` API by exploiting the CSRF issue.
January 04, 2023
github.com/usememos/memos is vulnerable to cross-site request forgery. The vulnerability exists in an incorrectly specified destination in a communication channel which allows an attacker to change th ...
January 04, 2023
github.com/usememos/memos is vulnerable to cross-site request forgery. An attacker is able to force the change of a password and/or other personal information on a user's behalf, through `shortcut` AP ...
January 04, 2023
Following the coordinated and responsible vulnerability disclosure guidelines of the **ISO 29147** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...
January 04, 2023