Filter
-Infinity
0
Trending
Software
Zulip ServerZulip Authentication Backend Configuration Bypass
8.2
First published (updated )
Zulip ServerZulip allows the deletion of Custom profile fields by administrators of a different organization
2.7
EPSS
0.02%
First published (updated )
Zulip ServerZulip allows the deletion of organization by administrators of a different organization
2.7
EPSS
0.02%
First published (updated )
Zulip DesktopZulip events can leak private channel names
4.3
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Zulip Server/api/v1/jwt/fetch_api_key endpoint can leak if an email address has an account in Zulip server
6.9
First published (updated )
Zulip DesktopZulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers.
7.5
First published (updated )
Zulip ServerMoving single messages from public to private streams leaves them accessible
6.5
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Zulip ServerZulip non-admins can invite new users to streams they would not otherwise be able to add existing users to
4.3
EPSS
0.05%
First published (updated )
Zulip ServerStream description leaks to ex-subscribers in Zulip
4.3
First published (updated )
Zulip ServerZulip vulnerable to insufficient authorization check for edition/deletion of messages and topics in private streams by former subscribers
6.5
First published (updated )
Zulip ServerCross-site scripting vulnerability in Zulip Server development branch via topic tooltip
8.2
First published (updated )
Zulip DesktopUnauthorized user can register an account in specific configurations in Zulip
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Zulip DesktopUsers who can send invitations can erroneously add users to streams during invitation in Zulip
3.1
First published (updated )
Zulip ServerUser uploads proxied from S3 lack `Content-Security-Policy` headers, may be served with `Content-Disposition: inline` in zulip
4.6
First published (updated )
Zulip ServerNon-constant-time SCIM token comparison in Zulip Server
3.7
First published (updated )
Zulip DesktopIP address leak via image proxy bypass in Zulip Server
4.3
First published (updated )
Zulip DesktopCrafted link in Zulip message can cause disclosure of credentials
8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Zulip DesktopIn zulip before 1.3.12, deactivated users could access messages if SSO was enabled.
7.5
First published (updated )
Zulip DesktopIn zulip before 1.3.12, bot API keys were accessible to other users in the same realm.
4.3
First published (updated )
Zulip DesktopZulip Server insufficient authorization for changing bot roles
8.8
First published (updated )
Zulip ServerZulip Server public data export contains attachments that are non-public
4.9
First published (updated )
Zulip DesktopExpression Always True vulnerability in Zulip Server
2.6
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Zulip ServerCross-site scripting vulnerability in Zulip Server
5.4
First published (updated )
Zulip ServerMulti-use invitations can grant access to other organizations in Zulip
9.8
First published (updated )
Zulip DesktopRabbitMQ exposes ports with weak default secrets in Zulip Server
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.