Vulnerabilities > Zulip > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-02-26 CVE-2022-21706 Unspecified vulnerability in Zulip Server
Zulip is an open-source team collaboration tool with topic-based threading.
network
low complexity
zulip
critical
9.8
2022-01-25 CVE-2021-43799 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Zulip
Zulip is an open-source team collaboration tool.
network
low complexity
zulip CWE-338
critical
9.8
2021-02-05 CVE-2020-10857 Unspecified vulnerability in Zulip Desktop
Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution.
network
low complexity
zulip
critical
9.8
2019-11-21 CVE-2019-18933 Unspecified vulnerability in Zulip Server
In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an unprivileged attacker, allowing nearly full access to the user's account.
network
low complexity
zulip
critical
9.8