Lucene search
K

265 matches found

Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-27742

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the...

6.5CVSS6.7AI score0.01136EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-27739

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE...

9.8CVSS7.1AI score0.01814EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-37845

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTL...

3.7CVSS6.1AI score0.00665EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-27741

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple cross-site scripting XSS vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages...

6.1CVSS6.5AI score0.00831EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2020-29547

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS...

5.9CVSS6.4AI score0.00753EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in pinnacle_7dxeo_eg5my_citadel (npm)

The package pinnacle7dxeoeg5mycitadel was found to contain malicious code...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:27 a.m.9 views

CVE-2023-44272

A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user...

5.4CVSS5.9AI score0.00444EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 8:53 p.m.6 views

CVE-2021-37845

An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595. This potentially allows an attacker...

3.7CVSS5.9AI score0.00665EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:59 p.m.5 views

CVE-2021-0456

In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

6.7CVSS7.2AI score0.00124EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:55 p.m.8 views

CVE-2020-29547

An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure...

5.9CVSS7AI score0.00753EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:28 p.m.6 views

CVE-2020-27741

Multiple cross-site scripting XSS vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...

6.1CVSS6AI score0.00831EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:27 p.m.6 views

CVE-2020-27740

Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...

5.3CVSS7.1AI score0.01277EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:26 p.m.7 views

CVE-2020-27742

An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msgconfirmmove template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" threa...

6.5CVSS6.7AI score0.01136EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:25 p.m.8 views

CVE-2020-27739

A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...

9.8CVSS7.1AI score0.01814EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/02/09 4:19 p.m.3 views

certificate_authority (=0.1.0), citadel_crypt (>=0.4.0 <=0.7.0) +13 more potentially affected by unknown CVE via pqc_kyber (>=0.4.0 <=0.7.1)

pqckyber CARGO version =0.4.0, =0.4.0, =0.3.0, =0.1.0-alpha, =1.3.0, =0.1.0, =11.0.0, =0.1.0, =9.0.0, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.1.19, =0.1.24 - sare-core =0.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-X5J2-G63M-F8G4...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2023/12/01 12:0 p.m.7 views

certificate_authority (=0.1.0), citadel_crypt (>=0.4.0 <=0.7.0) +13 more potentially affected by unknown CVE via pqc_kyber (>=0.4.0 <=0.7.1)

pqckyber CARGO version =0.4.0, =0.4.0, =0.3.0, =0.1.0-alpha, =1.3.0, =0.1.0, =11.0.0, =0.1.0, =9.0.0, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.1.19, =0.1.24 - sare-core =0.1.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0079...

5.5AI score
Exploits0
NVD
NVD
added 2023/10/04 9:15 a.m.23 views

CVE-2023-44272

A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user...

5.4CVSS5.2AI score0.00444EPSS
Exploits0References4
OSV
OSV
added 2023/10/04 9:15 a.m.4 views

CVE-2023-44272

A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user...

5.4CVSS5.6AI score0.00444EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2023/10/04 9:15 a.m.15 views

CVE-2023-44272

A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user...

5.4CVSS6AI score0.00444EPSS
Exploits0References6
OSV
OSV
added 2023/10/04 9:15 a.m.11 views

UBUNTU-CVE-2023-44272

A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user...

5.4CVSS5.7AI score0.00444EPSS
Exploits0References6
Rows per page
Query Builder