Recent CVEs
CVE-2017-0910
In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm.
UNKNOWN
Nov 27, 2017
CVE-2017-0896
Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this.
UNKNOWN
Jun 02, 2017