zulip

Top products

The 15 most recently published vulnerabilities affecting zulip.

• CVE-2026-40300Zulip: Message edit history visible in "moves only" policy through /api/v1/messages/{id}/history6.5May 12, 2026
• CVE-2026-26058Zulip: Path Traversal in Import6.1Apr 3, 2026
• CVE-2026-25742Zulip: Anonymous File Access After Disabling Spectator Access5.3Apr 3, 2026
• CVE-2026-25741Zulip Vulnerable to Modification of Payment Method (Stripe Default Card) by Non-Billing Users7.1Feb 26, 2026
• CVE-2026-24050Zulip affected by Stored XSS in user profile modal5.4Feb 6, 2026
• CVE-2025-52559Zulip XSS in digest preview URL6.8Jul 2, 2025
• CVE-2025-47930Zulip Server has access control bypass for restrictions on creation of specific channel types5.3May 15, 2025
• CVE-2025-31478Zulip Authentication Backend Configuration Bypass8.2Apr 16, 2025
• CVE-2025-30369Zulip allows the deletion of Custom profile fields by administrators of a different organization2.7Mar 31, 2025
• CVE-2025-30368Zulip allows the deletion of organization by administrators of a different organization2.7Mar 31, 2025
• CVE-2025-27149Zulip exports can leak private data2.7Mar 31, 2025
• CVE-2025-25195Zulip events can leak private channel names4.3Feb 13, 2025
• CVE-2024-56136/api/v1/jwt/fetch_api_key endpoint can leak if an email address has an account in Zulip server5.3Jan 16, 2025
• CVE-2024-36625Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the replace_emoji_with_text function in ui_util.ts.5.4Nov 29, 2024
• CVE-2024-36624Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the construct_copy_div function in copy_and_paste.js.5.4Nov 29, 2024