Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution.
9.8CVSS
9.8AI Score
0.006EPSS
Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler.
5.3CVSS
5.2AI Score
0.001EPSS