Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zulip zulip vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2022-21706
Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where...
Zulip Zulip Server
445
VMScore
CVE-2021-43799
Zulip is an open-source team collaboration tool. Zulip Server installs RabbitMQ for internal message passing. In versions of Zulip Server before 4.9, the initial installation (until first reboot, or restart of RabbitMQ) does not successfully limit the default ports which RabbitMQ...
Zulip Zulip
312
VMScore
CVE-2021-3866
Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and before 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6.
Zulip Zulip
445
VMScore
CVE-2021-43791
Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions expiration dates on the confirmation objects associated with email invitations were not enforced properly in the new account registration flow. A confirma...
Zulip Zulip
356
VMScore
CVE-2021-41115
Zulip is an open source team chat server. In affected versions Zulip allows organization administrators on a server to configure "linkifiers" that automatically create links from messages that users send, detected via arbitrary regular expressions. Malicious organizatio...
Zulip Zulip
356
VMScore
CVE-2021-30478
An issue exists in Zulip Server prior to 3.4. A bug in the implementation of the can_forge_sender permission (previously is_api_super_user) resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations ho...
Zulip Zulip Server
356
VMScore
CVE-2021-30477
An issue exists in Zulip Server prior to 3.4. A bug in the implementation of replies to messages sent by outgoing webhooks to private streams meant that an outgoing webhook bot could be used to send messages to private streams that the user was not intended to be able to send mes...
Zulip Zulip Server
356
VMScore
CVE-2021-30487
In the topic moving API in Zulip Server 3.x prior to 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation.
Zulip Zulip Server
445
VMScore
CVE-2021-30479
An issue exists in Zulip Server prior to 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization.
Zulip Zulip Server
668
VMScore
CVE-2020-10857
Zulip Desktop prior to 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution.
Zulip Zulip Desktop
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »