Lucene search
K

13 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:14 a.m.8 views

CVE-2022-23656

Zulip is an open source team chat app. The main development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several...

5.4CVSS6.5AI score0.00563EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-1249

Malware in sbrugna...

6.5CVSS6.6AI score0.01278EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2017-1253

Malware in sbrugna...

8.8CVSS8.8AI score0.01087EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-8854

Malicious code in bioql PyPI...

4.6CVSS6.6AI score0.00282EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.22 views

EUVD-2024-52989

Malicious code in bioql PyPI...

6.9CVSS6.5AI score0.0055EPSS
Exploits0References2
NVD
NVD
added 2025/07/02 8:15 p.m.8 views

CVE-2025-52559

Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-site scripting XSS vulnerability in both topi...

6.8CVSS0.00233EPSS
Exploits0References4
OSV
OSV
added 2025/07/02 7:31 p.m.6 views

CVE-2025-52559 Zulip XSS in digest preview URL

Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-site scripting XSS vulnerability in both topi...

6.8CVSS5.6AI score0.00233EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/22 8:38 a.m.8 views

CVE-2019-19775

The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users...

6.1CVSS6.8AI score0.00865EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/06 1:5 a.m.12 views

CVE-2022-21706

Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation...

9.8CVSS6.6AI score0.01368EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/08/31 7:15 p.m.9 views

CVE-2022-36048 IP address leak via image proxy bypass in Zulip Server

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL...

4.3CVSS4.4AI score0.00507EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/08/31 12:0 a.m.5 views

PT-2022-23141 · Unknown · Zulip Server

Name of the Vulnerable Software and Affected Versions: Zulip Server versions prior to 5.6 Description: The issue arises when displaying messages with embedded remote images. Normally, Zulip loads the image preview via a go-camo proxy server. However, an attacker who can send messages could includ...

4.3CVSS4.4AI score0.00507EPSS
Exploits0References4
CNVD
CNVD
added 2021/05/08 12:0 a.m.8 views

Unspecified vulnerability in Zulip server (CNVD-2021-39546)

Zulip server is an open source team chat application from the American company Zulip. A security vulnerability exists in version 3.x prior to Zulip Server 3.4, which stems from the ability of an organization administrator to move messages to streams in other organizations hosted by the same Zulip...

4CVSS6.7AI score0.00651EPSS
Exploits0References1
CNVD
CNVD
added 2019/09/19 12:0 a.m.8 views

Zulip server cross-site scripting vulnerability (CNVD-2021-10499)

Zulip server is an open source team chat application from the American company Zulip. A cross-site scripting vulnerability exists in Zulip server versions prior to 2.0.5. The vulnerability stems from the WEB application's lack of proper validation of client-side data. An attacker can exploit this...

5.4CVSS6.1AI score0.00681EPSS
Exploits0References1
Rows per page
Query Builder