Every CVE whose affected-product data names Zulip Zulip Desktop, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2020-10857 — CVSS 9.8 (critical): Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution.
CVE-2020-10858 — CVSS 5.3 (medium): Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler.