Vulnerabilidades en Zulip
37 resultadosCVE-2022-41914LOWNon-constant-time SCIM token comparison in Zulip ServerEPSS 0.5%CVE-2022-36048MEDIUMIP address leak via image proxy bypass in Zulip ServerEPSS 0.5%CVE-2023-47642MEDIUMStream description leaks to ex-subscribers in ZulipEPSS 0.5%CVE-2023-32678MEDIUMZulip vulnerable to insufficient authorization check for edition/deletion of messages and topics in private streams by former subscribersEPSS 0.4%CVE-2024-21630MEDIUMZulip non-admins can invite new users to streams they would not otherwise be able to add existing users toEPSS 0.4%CVE-2025-25195MEDIUMZulip events can leak private channel namesEPSS 0.3%CVE-2026-25742MEDIUMZulip: Anonymous File Access After Disabling Spectator AccessEPSS 0.3%CVE-2025-31478HIGHZulip Authentication Backend Configuration BypassEPSS 0.3%CVE-2025-30368LOWZulip allows the deletion of organization by administrators of a different organizationEPSS 0.3%CVE-2025-47930MEDIUMZulip Server has access control bypass for restrictions on creation of specific channel typesEPSS 0.3%CVE-2026-25741HIGHZulip Vulnerable to Modification of Payment Method (Stripe Default Card) by Non-Billing UsersEPSS 0.3%CVE-2025-27149MEDIUMZulip exports can leak private dataEPSS 0.3%CVE-2026-40300MEDIUMZulip: Message edit history visible in "moves only" policy through /api/v1/messages/{id}/historyEPSS 0.2%CVE-2025-30369LOWZulip allows the deletion of Custom profile fields by administrators of a different organizationEPSS 0.2%CVE-2026-26058MEDIUMZulip: Path Traversal in ImportEPSS 0.2%CVE-2025-52559MEDIUMZulip XSS in digest preview URLEPSS 0.2%CVE-2026-24050LOWZulip affected by Stored XSS in user profile modalEPSS 0.2%