Filter
AND
-Infinity
0
Trending
Software
Zulip ServerCross-site scripting vulnerability in Zulip Server
5.4
First published (updated )
Zulip ServerZulip Server public data export contains attachments that are non-public
4.9
First published (updated )
Zulip DesktopIP address leak via image proxy bypass in Zulip Server
4.3
First published (updated )
Zulip ServerMoving single messages from public to private streams leaves them accessible
6.5
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Zulip ServerUser uploads proxied from S3 lack `Content-Security-Policy` headers, may be served with `Content-Disposition: inline` in zulip
4.6
First published (updated )
Zulip DesktopZulip events can leak private channel names
4.3
EPSS
0.04%
First published (updated )
Zulip DesktopUnauthorized user can register an account in specific configurations in Zulip
6.5
First published (updated )
Zulip Server/api/v1/jwt/fetch_api_key endpoint can leak if an email address has an account in Zulip server
6.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Zulip DesktopIneffective expiration validation for invitation links in Zulip
6.5
First published (updated )
Zulip ServerZulip vulnerable to insufficient authorization check for edition/deletion of messages and topics in private streams by former subscribers
6.5
First published (updated )
Zulip ServerStream description leaks to ex-subscribers in Zulip
4.3
First published (updated )
Zulip DesktopIn zulip before 1.3.12, bot API keys were accessible to other users in the same realm.
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Zulip ServerZulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only…
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Zulip ServerThe image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redire…
6.1
First published (updated )
Zulip ServerThe Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential…
6.5
First published (updated )
Zulip ServerZulip Server before 2.1.5 allows reverse tabnapping via a topic header link.
5.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Zulip ServerZulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality.
6.1
First published (updated )
Zulip DesktopRegular expression denial-of-service in Zulip
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.