202 matches found
CVE-2019-18933
In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an...
CVE-2020-12759
Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook...
CVE-2020-10935
Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover...
CVE-2022-31134
Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 and above have a user interface tool, accessible only to server owners and server administrators, which provides a way to download a "public data" export. While this export is only accessible to administrators, in many...
CVE-2019-16216
Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack...
EUVD-2018-21582
Malware in sbrugna...
EUVD-2018-21591
Malware in sbrugna...
EUVD-2018-21579
Malware in sbrugna...
EUVD-2018-21578
Malware in sbrugna...
EUVD-2019-9374
Malware in sbrugna...
EUVD-2019-8606
Malware in sbrugna...
EUVD-2019-7028
Malware in sbrugna...
EUVD-2020-7198
Malware in sbrugna...
EUVD-2020-6368
Malware in sbrugna...
EUVD-2020-6350
Malware in sbrugna...
EUVD-2020-5045
Malware in sbrugna...
EUVD-2020-3341
Malware in sbrugna...
EUVD-2020-30264
Malware in sbrugna...
EUVD-2020-30265
Malware in sbrugna...
EUVD-2021-17400
Malware in sbrugna...