Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

430 matches found

EUVD
EUVDadded 2026/05/11 12:32 p.m.6 views

EUVD-2026-29047

Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI...

8.6CVSS7.3AI score0.00061EPSS
Exploits0References3
NVD
NVDadded 2026/05/11 10:16 a.m.8 views

CVE-2026-41951

Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI...

8.6CVSS0.00061EPSS
Exploits0References2
CVE
CVEadded 2026/05/11 9:32 a.m.11 views

CVE-2026-41951

The vulnerability CVE-2026-41951 affects GROWI up to v7.5.0, where a path traversal flaw could let an attacker cause the server to execute arbitrary EJS templates when an email server is running. The issue is documented in multiple sources (NVD/CVE entries) with CVSS v3.0/4.0 base scores of 7.2/8...

8.6CVSS7.3AI score0.00061EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/11 9:32 a.m.1 views

CVE-2026-41951

Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI...

8.6CVSS6.1AI score0.00061EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2026/05/11 9:32 a.m.32 views

CVE-2026-41951

Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI...

8.6CVSS0.00061EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/11 9:32 a.m.5 views

CVE-2026-41951

Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI...

8.6CVSS7.3AI score0.00061EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notesadded 2026/05/11 9:20 a.m.6 views

GROWI vulnerable to path traversal

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Path traversal CWE-22 - CVE-2026-41951 GROWI, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and GROWI, Inc. coordinated under the Information Security Early Warning...

8.6CVSS7.4AI score0.00061EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/11 12:0 a.m.5 views

PT-2026-39589

Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI...

8.6CVSS7.3AI score0.00061EPSS
Exploits0References3
CNNVD
CNNVDadded 2026/05/11 12:0 a.m.4 views

GROWI 路径遍历漏洞

GROWI is an enterprise-level open-source knowledge base/Wiki system built using Node.js and React by GROWI Inc. GROWI versions 7.5.0 and earlier have a path traversal vulnerability. This vulnerability allows attackers to execute arbitrary EJS templates on the server...

8.6CVSS7.3AI score0.00061EPSS
Exploits0References1
EUVD
EUVDadded 2026/04/23 9:32 a.m.0 views

EUVD-2026-25199

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service ReDoS via a crafted input string...

8.7CVSS7.1AI score0.00062EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notesadded 2026/04/23 7:57 a.m.1 views

GROWI vulnerable to Regular expression Denial-of-Service (ReDoS)

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Inefficient regular expression complexity CWE-1333 - CVE-2026-41040 Sho Odagiri of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to GROWI, Inc. and coordinated. After the coordination was completed, GROWI,...

8.7CVSS7AI score0.00062EPSS
Exploits0References5
NVD
NVDadded 2026/04/23 7:16 a.m.1 views

CVE-2026-41040

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service ReDoS via a crafted input string...

8.7CVSS0.00062EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/04/23 6:59 a.m.1 views

CVE-2026-41040

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service ReDoS via a crafted input string...

8.7CVSS7.1AI score0.00062EPSS
Exploits0References2
CVE
CVEadded 2026/04/23 6:59 a.m.3 views

CVE-2026-41040

Technical details (affected versions, vulnerable components, exploit strings) are not publicly available in the provided documents. Monitor for updates.

8.7CVSS5.8AI score0.00062EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/04/23 6:59 a.m.1 views

CVE-2026-41040

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service ReDoS via a crafted input string...

8.7CVSS5.8AI score0.00062EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2026/04/23 6:59 a.m.28 views

CVE-2026-41040

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service ReDoS via a crafted input string...

8.7CVSS0.00062EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/04/23 12:0 a.m.2 views

PT-2026-34645

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service ReDoS via a crafted input string...

8.7CVSS5.8AI score0.00062EPSS
Exploits0References3
CNNVD
CNNVDadded 2026/04/23 12:0 a.m.3 views

GROWI 安全漏洞

GROWI is an enterprise-level open-source knowledge base/Wiki system built using Node.js and React by GROWI Inc. GROWI has a security vulnerability that stems from a susceptibility to regular expression denial-of-service attacks...

8.7CVSS7.1AI score0.00062EPSS
Exploits0References1
EUVD
EUVDadded 2026/04/17 6:31 p.m.0 views

EUVD-2026-22834

Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If this vulnerability is exploited, an arbitrary script may be executed in a user's web browser...

5.4CVSS5.8AI score0.00037EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notesadded 2026/04/15 8:21 a.m.4 views

GROWI vulnerable to stored cross-site scripting

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Stored cross-site scripting CWE-79 - CVE-2026-26291 Norihide Saito reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

5.4CVSS6AI score0.00037EPSS
Exploits0References5
Rows per page
Query Builder