CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTL...

3.7CVSS5.2AI score0.00465EPSS

Exploits1References2

Tenable Nessus•added 2025/09/10 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2023-44272

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the scri...

5.4CVSS5.3AI score0.00387EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 4:27 a.m.•4 views

CVE-2023-44272

A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user...

5.4CVSS5.9AI score0.00387EPSS

Exploits0

RedhatCVE•added 2025/05/22 8:53 p.m.•2 views

CVE-2021-37845

An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595. This potentially allows an attacker...

3.7CVSS5.9AI score0.00465EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 3:55 p.m.•6 views

CVE-2020-29547

An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure...

5.9CVSS7AI score0.00684EPSS

Exploits0

Vulnrichment•added 2023/05/29 12:0 a.m.•7 views

CVE-2020-29547

6.9AI score0.00684EPSS

Exploits0References2

Positive Technologies•added 2023/05/29 12:0 a.m.•2 views

PT-2023-12330 · Citadel · Citadel

Name of the Vulnerable Software and Affected Versions: Citadel through webcit-932 Description: An issue was discovered that allows a meddler-in-the-middle attacker to fixate their own session during the cleartext phase before a STARTTLS command, violating the RFC2595 standard. This potentially...

3.7CVSS6.6AI score0.00465EPSS

Exploits1References9

Vulnrichment•added 2023/05/29 12:0 a.m.•7 views

CVE-2021-37845

6.6AI score0.00465EPSS

Exploits1References3

Tenable Nessus•added 2008/01/22 12:0 a.m.•16 views

Citadel < 7.11 makeuserkey Function RCPT TO Command Remote Overflow

Binary data 4352.prm...

7.5CVSS7.3AI score0.13907EPSS

Exploits4References2

Rows per page