CVE-2019-18933

In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication e.g., GitHub or Google SSO in an organization that also allows password authentication could have their personal API key stolen by an...

CVE-2020-12759

Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook...

CVE-2020-10935

Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover...

CVE-2022-23656

Zulip is an open source team chat app. The main development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several...

CVE-2022-31134

Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 above have a user interface tool, accessible only to server owners and server administrators, which provides a way to download a "public data" export. While this export is only accessible to administrators, in many...

CVE-2019-16216

Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack...

EUVD-2017-1249

Malware in sbrugna...

EUVD-2020-30265

Malware in sbrugna...

EUVD-2018-21578

Malware in sbrugna...

EUVD-2018-21582

Malware in sbrugna...

EUVD-2017-1253

Malware in sbrugna...

EUVD-2018-21579

Malware in sbrugna...

EUVD-2019-9374

Malware in sbrugna...

EUVD-2021-17400

Malware in sbrugna...

EUVD-2020-6350

Malware in sbrugna...

EUVD-2020-6368

Malware in sbrugna...

EUVD-2021-17401

Malware in sbrugna...

EUVD-2021-17409

Malware in sbrugna...

EUVD-2021-17402

Malware in sbrugna...

EUVD-2018-21591

Malware in sbrugna...