Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zulip server vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2019-16215
The Markdown parser in Zulip server prior to 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing ...
Zulip Zulip Server
6.1
CVSSv3
CVE-2018-9987
In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x prior to 1.7.2, there was an XSS issue with muting notifications.
Zulip Zulip Server
6.1
CVSSv3
CVE-2018-9986
In Zulip Server versions prior to 1.7.2, there were XSS issues with the frontend markdown processor.
Zulip Zulip Server
6.1
CVSSv3
CVE-2018-9990
In Zulip Server versions prior to 1.7.2, there was an XSS issue with stream names in topic typeahead.
Zulip Zulip Server
5.4
CVSSv3
CVE-2018-9999
In Zulip Server versions prior to 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend.
Zulip Zulip Server
1 Github repository
8.8
CVSSv3
CVE-2017-0910
In Zulip Server prior to 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm.
Zulip Zulip Server
6.5
CVSSv3
CVE-2017-0896
Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to...
Zulip Zulip Server 1.3.11
Zulip Zulip Server 1.3.2
Zulip Zulip Server 1.3.8
Zulip Zulip Server 1.3.1
Zulip Zulip Server 1.4.0
Zulip Zulip Server 1.3.3
Zulip Zulip Server 1.3.12
Zulip Zulip Server 1.3.10
Zulip Zulip Server 1.3.6
Zulip Zulip Server 1.4.2
Zulip Zulip Server 1.3.7
Zulip Zulip Server 1.5.1
Zulip Zulip Server 1.4.3
Zulip Zulip Server 1.3.0
Zulip Zulip Server 1.3.4
Zulip Zulip Server 1.5.0
Zulip Zulip Server 1.3.13
Zulip Zulip Server 1.4.1
Zulip Zulip Server 1.3.9
4.3
CVSSv3
CVE-2017-0881
An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server prior to 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to ...
Zulip Zulip Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4