Filter
AND
-Infinity
0
Trending
Software
Zulip DesktopZulip events can leak private channel names
4.3
EPSS
0.04%
First published (updated )
Zulip Server/api/v1/jwt/fetch_api_key endpoint can leak if an email address has an account in Zulip server
6.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Zulip ServerMoving single messages from public to private streams leaves them accessible
6.5
EPSS
0.04%
First published (updated )
Zulip ServerZulip non-admins can invite new users to streams they would not otherwise be able to add existing users to
4.3
EPSS
0.05%
First published (updated )
Zulip ServerStream description leaks to ex-subscribers in Zulip
4.3
First published (updated )
Zulip ServerZulip vulnerable to insufficient authorization check for edition/deletion of messages and topics in private streams by former subscribers
6.5
First published (updated )
Zulip DesktopUnauthorized user can register an account in specific configurations in Zulip
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Zulip ServerUser uploads proxied from S3 lack `Content-Security-Policy` headers, may be served with `Content-Disposition: inline` in zulip
4.6
First published (updated )
Zulip DesktopIP address leak via image proxy bypass in Zulip Server
4.3
First published (updated )
Zulip DesktopIn zulip before 1.3.12, bot API keys were accessible to other users in the same realm.
4.3
First published (updated )
Zulip ServerZulip Server public data export contains attachments that are non-public
4.9
First published (updated )
Zulip ServerCross-site scripting vulnerability in Zulip Server
5.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Zulip DesktopCross-site Scripting (XSS) - Stored in zulip/zulip
6.8
First published (updated )
Zulip DesktopIneffective expiration validation for invitation links in Zulip
6.5
First published (updated )
Zulip DesktopRegular expression denial-of-service in Zulip
6.5
First published (updated )
Zulip ServerAn issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_st…
5.3
First published (updated )
Zulip ServerAn issue was discovered in Zulip Server before 3.4. A bug in the implementation of the can_forge_sen…
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Zulip ServerAn issue was discovered in Zulip Server before 3.4. A bug in the implementation of replies to messag…
4.3
First published (updated )
Zulip ServerIn the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to mov…
First published (updated )
Zulip DesktopZulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due t…
5.3
First published (updated )
Zulip ServerZulip Server before 2.1.5 allows reverse tabnapping via a topic header link.
5.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Zulip ServerZulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality.
6.1
First published (updated )
Zulip ServerThe image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redire…
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.