zulip Summary
Latest vulnerabilities published by zulip
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Cross-Site Scripting Vulnerability in Zulip Server by Zulip
CVE-2025-52559ZulipZulip6.8MEDIUMAccess Control Flaw in Zulip Team Chat Application
CVE-2025-47930ZulipZulip5.3MEDIUMSecurity Flaw in Zulip Collaboration Tool Affects Account Creation Process
CVE-2025-31478ZulipZulip8.2HIGHAuthorization Flaw in Zulip Affects Organization Administrators
CVE-2025-30369ZulipZulip2.7LOWAuthorization Flaw in Zulip Allows Unauthorized Export Deletions
CVE-2025-30368ZulipZulip2.7LOWData Exposure Flaw in Zulip Server Affects Open-Source Team Chat
CVE-2025-27149ZulipZulip4.6MEDIUMInformation Leakage Vulnerability in Zulip Team Chat Application
CVE-2025-25195ZulipZulip4.3MEDIUMInformation Disclosure Vulnerability in Zulip Server by Zulip
CVE-2024-56136ZulipZulip6.9MEDIUMMemory Leak Vulnerability in Zulip Affected Versions 8.0 to 8.3
CVE-2024-36612ZulipZulipZulip 8.3 vulnerable to Cross Site Scripting (XSS)
CVE-2024-36624ZulipZulip 8.3 Vulnerable to Cross Site Scripting (XSS)
CVE-2024-36625ZulipBug in Zulip's message moving feature causes issues with view permissions
CVE-2024-27286ZulipZulip6.5MEDIUMZulip non-admins can invite new users to streams they would not otherwise be able to add existing users to
CVE-2024-21630ZulipZulip4.3MEDIUMStream description leaks to ex-subscribers in Zulip
CVE-2023-47642ZulipZulip4.3MEDIUMZulip vulnerable to insufficient authorization check for edition/deletion of messages and topics in private streams by former subscribers
CVE-2023-32678ZulipZulip6.5MEDIUMCross-site scripting vulnerability in Zulip Server development branch via topic tooltip
CVE-2023-33186zulipzulip6.1MEDIUMUnauthorized user can register an account in specific configurations in Zulip
CVE-2023-28623ZulipZulip6.5MEDIUMUsers who can send invitations can erroneously add users to streams during invitation in Zulip
CVE-2023-32677ZulipZulip3.1LOWUser uploads proxied from S3 lack `Content-Security-Policy` headers, may be served with `Content-Disposition: inline` in zulip
CVE-2023-22735ZulipZulip4.4MEDIUMNon-constant-time SCIM token comparison in Zulip Server
CVE-2022-41914ZulipZulip3.7LOWIP address leak via image proxy bypass in Zulip Server
CVE-2022-36048ZulipZulip4.3MEDIUMCrafted link in Zulip message can cause disclosure of credentials
CVE-2022-35962ZulipZulip-mobile8HIGHAccess Control Flaw in Zulip Affects Deactivated Users
CVE-2016-4427ZulipZulip7.5HIGHSecurity Flaw in Zulip Bot API Keys Exposing User Data
CVE-2016-4426ZulipZulip4.3MEDIUMZulip Server insufficient authorization for changing bot roles
CVE-2022-31168ZulipZulip5.4MEDIUM