14 matches found
CVE-2026-25742
Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access enablespectatoraccess / WEBPUBLICSTREAMSENABLED is disabled, attachments originating from web-public...
CVE-2026-25742
Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access enablespectatoraccess / WEBPUBLICSTREAMSENABLED is disabled, attachments originating from web-public...
CVE-2026-25742 Zulip: Anonymous File Access After Disabling Spectator Access
Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access enablespectatoraccess / WEBPUBLICSTREAMSENABLED is disabled, attachments originating from web-public...
CVE-2026-25742
Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access enablespectatoraccess / WEBPUBLICSTREAMSENABLED is disabled, attachments originating from web-public...
EUVD-2026-18835
Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access enablespectatoraccess / WEBPUBLICSTREAMSENABLED is disabled, attachments originating from web-public...
CVE-2026-25742
Zulip CVE-2026-25742 affects versions before 11.6. Before 11.6, even with spectator access disabled (enable_spectator_access / WEB_PUBLIC_STREAMS_ENABLED), attachments from web-public streams could be retrieved anonymously, and the endpoint /users/me//topics remained reachable to expose topic his...
CVE-2026-25742 Zulip: Anonymous File Access After Disabling Spectator Access
Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access enablespectatoraccess / WEBPUBLICSTREAMSENABLED is disabled, attachments originating from web-public...
PT-2026-30211
Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access enable spectator access / WEB PUBLIC STREAMS ENABLED is disabled, attachments originating from web-public...
Zulip 安全漏洞
Zulip is a powerful open-source chat application developed by the American company Zulip. It combines the immediacy of real-time conversations with the productivity benefits of threaded dialogue. Versions of Zulip from 1.4.0 to 11.6 contained security vulnerabilities. These vulnerabilities occurr...
EUVD-2021-17402
Malware in sbrugna...
CVE-2021-30479
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the allpublicstreams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization...
CVE-2021-30479
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the allpublicstreams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization...
CVE-2021-30479
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the allpublicstreams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization...
Zulip 安全漏洞
Zulip server is an open source team chat application from the American company Zulip. A security vulnerability exists in Zulip Server versions prior to 3.4 that stems from a public API that causes guest users to be able to receive message traffic from a public stream that should only be accessibl...