CVE-2026-40300 Zulip: Message edit history visible in "moves only" policy through /api/v1/messages/{id}/history

Zulip is an open-source team collaboration tool. Prior to 12.0, With messageedithistoryvisibilitypolicy set to "moves", /api/v1/messages/id/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This...

oxyproject-exec.txt

OxYProject 0.85 edithistory.php Remote Code Execution Vulnerability Script : http://puzzle.dl.sourceforge.net/sourceforge/oxyproject/OxYBox085uns.zip Code Vuln : Ln 24 include'oxycfg.php'; // // Editing the Chat History // $editfile = $file'ChatHistory'; $fh = fopen$editfile, 'a' or die"Error...