Search Results (215 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0886 9 Apple, Kde, Libtiff and 6 more 13 Mac Os X, Mac Os X Server, Kde and 10 more 2026-04-16 N/A
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
CVE-2005-0237 2 Kde, Redhat 3 Kde, Konqueror, Enterprise Linux 2026-04-16 N/A
The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVE-2005-1852 5 Centericq, Ekg, Kadu and 2 more 5 Centericq, Ekg, Kadu and 2 more 2026-04-16 N/A
Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message.
CVE-2000-0371 1 Kde 1 Kde 2026-04-16 N/A
The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack.
CVE-2001-0782 1 Kde 1 Ktv 2026-04-16 N/A
KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root privileges via a symlink attack on a user configuration file.
CVE-2000-0918 1 Kde 1 Kvt 2026-04-16 N/A
Format string vulnerability in kvt in KDE 1.1.2 may allow local users to execute arbitrary commands via a DISPLAY environmental variable that contains formatting characters.
CVE-1999-0780 3 Freebsd, Kde, Linux 3 Freebsd, Kde, Linux Kernel 2026-04-16 N/A
KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.
CVE-1999-0781 3 Freebsd, Kde, Linux 3 Freebsd, Kde, Linux Kernel 2026-04-16 N/A
KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.
CVE-1999-1107 1 Kde 1 Kde 2026-04-16 N/A
Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable.
CVE-2025-59820 1 Kde 1 Krita 2026-04-15 6.7 Medium
In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kis_tga_import.cpp (aka KisTgaImport). Control flow proceeds even when a number of pixels becomes negative.
CVE-2025-32901 1 Kde 1 Kdeconnect 2026-04-15 4.3 Medium
In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash.
CVE-2025-66002 2 Kde, Smb4k 2 Kde, Smb4k 2026-04-15 N/A
An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability allows local users ton perform arbitrary unmounts via smb4k mount helper
CVE-2024-57966 1 Kde 1 Ark 2026-04-15 5 Medium
libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.
CVE-2025-32900 3 Apple, Google, Kde 6 Ios, Android, Gsconnect and 3 more 2026-04-15 4.3 Medium
In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59.
CVE-2023-52723 1 Kde 1 Libksieve 2026-04-15 7.1 High
In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value.
CVE-2025-32898 3 Apple, Google, Kde 6 Ios, Android, Gsconnect and 3 more 2026-04-15 4.7 Medium
The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59.
CVE-2025-62876 1 Kde 1 Kde 2026-04-15 N/A
A Execution with Unnecessary Privileges vulnerability in lightdm-kde-greeter allows escalation from the service user to root.This issue affects lightdm-kde-greeter. before 6.0.4.
CVE-2025-55174 1 Kde 1 Skanpage 2026-04-15 3.2 Low
In KDE Skanpage before 25.08.0, an attempt at file overwrite can result in the contents of the new file at the beginning followed by the partial contents of the old file at the end, because of use of QIODevice::ReadWrite instead of QODevice::WriteOnly.
CVE-2025-69412 1 Kde 1 Messagelib 2026-04-15 3.4 Low
KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.
CVE-2025-66003 2 Kde, Smb4k 2 Kde, Smb4k 2026-04-15 N/A
An External Control of File Name or Path vulnerability in smb4k allowsl ocal users to perform a local root exploit via smb4k mounthelper if they can access and control the contents of a Samba shareThis issue affects smb4k: from ? before 4.0.5.