Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (215 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0019 | 2 Kde, Redhat | 2 Kde, Enterprise Linux | 2026-04-16 | N/A |
| Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI. | ||||
| CVE-2000-0371 | 1 Kde | 1 Kde | 2026-04-16 | N/A |
| The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack. | ||||
| CVE-2000-0481 | 1 Kde | 1 K-mail | 2026-04-16 | N/A |
| Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file name. | ||||
| CVE-2004-0527 | 1 Kde | 1 Konqueror | 2026-04-16 | N/A |
| KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. | ||||
| CVE-2004-0746 | 5 Gentoo, Kde, Mandrakesoft and 2 more | 6 Linux, Kde, Konqueror and 3 more | 2026-04-16 | N/A |
| Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. | ||||
| CVE-2005-0206 | 15 Ascii, Cstex, Debian and 12 more | 22 Ptex, Cstetex, Debian Linux and 19 more | 2026-04-16 | N/A |
| The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. | ||||
| CVE-2005-0754 | 5 Conectiva, Gentoo, Kde and 2 more | 6 Linux, Linux, Kde and 3 more | 2026-04-16 | N/A |
| Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code. | ||||
| CVE-2005-3625 | 18 Conectiva, Debian, Easy Software Products and 15 more | 33 Linux, Debian Linux, Cups and 30 more | 2026-04-16 | N/A |
| Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." | ||||
| CVE-2005-3626 | 18 Conectiva, Debian, Easy Software Products and 15 more | 33 Linux, Debian Linux, Cups and 30 more | 2026-04-16 | N/A |
| Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. | ||||
| CVE-2024-57966 | 1 Kde | 1 Ark | 2026-04-15 | 5 Medium |
| libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive. | ||||
| CVE-2025-66003 | 2 Kde, Smb4k | 2 Kde, Smb4k | 2026-04-15 | N/A |
| An External Control of File Name or Path vulnerability in smb4k allowsl ocal users to perform a local root exploit via smb4k mounthelper if they can access and control the contents of a Samba shareThis issue affects smb4k: from ? before 4.0.5. | ||||
| CVE-2025-59820 | 1 Kde | 1 Krita | 2026-04-15 | 6.7 Medium |
| In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kis_tga_import.cpp (aka KisTgaImport). Control flow proceeds even when a number of pixels becomes negative. | ||||
| CVE-2025-62876 | 1 Kde | 1 Kde | 2026-04-15 | N/A |
| A Execution with Unnecessary Privileges vulnerability in lightdm-kde-greeter allows escalation from the service user to root.This issue affects lightdm-kde-greeter. before 6.0.4. | ||||
| CVE-2025-66270 | 3 Apple, Google, Kde | 6 Ios, Android, Gsconnect and 3 more | 2026-04-15 | 4.7 Medium |
| The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49. | ||||
| CVE-2025-69412 | 1 Kde | 1 Messagelib | 2026-04-15 | 3.4 Low |
| KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration. | ||||
| CVE-2024-50624 | 1 Kde | 1 Kmail | 2026-04-15 | 5.9 Medium |
| ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is related to kmail-account-wizard. | ||||
| CVE-2023-52723 | 1 Kde | 1 Libksieve | 2026-04-15 | 7.1 High |
| In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value. | ||||
| CVE-2025-32901 | 1 Kde | 1 Kdeconnect | 2026-04-15 | 4.3 Medium |
| In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash. | ||||
| CVE-2025-66002 | 2 Kde, Smb4k | 2 Kde, Smb4k | 2026-04-15 | N/A |
| An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability allows local users ton perform arbitrary unmounts via smb4k mount helper | ||||
| CVE-2025-32898 | 3 Apple, Google, Kde | 6 Ios, Android, Gsconnect and 3 more | 2026-04-15 | 4.7 Medium |
| The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59. | ||||