CVE-2026-41040

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service ReDoS via a crafted input string...

PT-2025-26809 · Growi · Growi

Name of the Vulnerable Software and Affected Versions: GROWI versions prior to 7.1.6 Description: The issue is related to inefficient regular expression complexity, which can be exploited by a logged-in user to cause a denial of service DoS condition. Recommendations: For versions prior to 7.1.6,...

JVN#21624250: Inefficient regular expressions in GROWI

GROWI provided by GROWI, Inc. contains the following vulnerability. Inefficient regular expression complexity CWE-1333 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Base Score 5.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Base Score 4.3 CVE-2025-43880 Impact A logged-in user...

CVE-2023-50332

Improper authorization vulnerability exists in the User Management /admin/users page of GROWI versions prior to v6.0.6. If this vulnerability is exploited, a user may delete or suspend its own account without the user's intention...

CVE-2023-42436

Stored cross-site scripting vulnerability exists in the presentation feature of GROWI versions prior to v3.4.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...

CVE-2021-20619

Cross-site scripting vulnerability in GROWI v4.2 Series versions prior to v4.2.3 allows remote attackers to inject an arbitrary script via unspecified vectors...

WESEEK GROWI Input Validation Error Vulnerability

GROWI is a team collaboration software. WESEEK GROWI suffers from an input validation error vulnerability that can be exploited by remote attackers to cause a denial of service...

Weseek GROWI 输入验证错误漏洞

GROWI is a team collaboration software. WESEEK GROWI suffers from an input validation error vulnerability that can be exploited by remote attackers to cause a denial of service...