MODERATE

In usememos/memos 0.9.0 and prior, an attacker can delete other users’ posts via post id, which can be done via brute force.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4797
https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170d…

usememos/memos 0.9.0 and prior is vulnerable to Improper Authentication.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4799
https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
https://huntr.dev/bounties/c5d70f9d-b7…

usememos/memos 0.9.0 and prior is vulnerable to Improper Verification of Source of a Communication Channel.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4800
https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
htt…

usememos/memos 0.9.0 and prior allows an attacker to archive any user’s public or private post.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4801
https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
https://huntr.d…

usememos/memos 0.9.0 and prior is vulnerable to Improper Authorization.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4802
https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
https://huntr.dev/bounties/d47d4a94-92e…

usememos/memos 0.9.0 and prior is vulnerable to Improper Authorization.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4804
https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
https://huntr.dev/bounties/4ee48a1e-633…

usememos/memos 0.9.0 and prior is vulnerable to Improper Authorization.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4798
https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
https://huntr.dev/bounties/e12eed25-1a8…

A vulnerability, which was classified as problematic, has been found in Harvest Chosen up to 1.8.6. Affected by this issue is the function AbstractChosen of the file coffee/lib/abstract-chosen.coffee. The manipulation of the argument group_label leads …

Json2html is a client side javascript HTML templating library with wrappers for both jQuery and Node.js. A vulnerability was found in moappi Json2html up to 1.1.x and classified as problematic. This issue affects some unknown processing of the file jso…

XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-36563
…