Filtered by vendor Kde
Subscriptions
Filtered by product Kde
Subscriptions
Total
75 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-1268 | 1 Kde | 1 Kde | 2026-04-16 | N/A |
| Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices. | ||||
| CVE-1999-0782 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2026-04-16 | N/A |
| KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable. | ||||
| CVE-1999-1267 | 1 Kde | 1 Kde | 2026-04-16 | N/A |
| KDE file manager (kfm) uses a TCP server for certain file operations, which allows remote attackers to modify arbitrary files by sending a copy command to the server. | ||||
| CVE-2003-0690 | 2 Kde, Redhat | 3 Kde, Enterprise Linux, Linux | 2026-04-16 | N/A |
| KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module. | ||||
| CVE-2025-62876 | 1 Kde | 1 Kde | 2026-04-15 | N/A |
| A Execution with Unnecessary Privileges vulnerability in lightdm-kde-greeter allows escalation from the service user to root.This issue affects lightdm-kde-greeter. before 6.0.4. | ||||
| CVE-2025-32900 | 3 Apple, Google, Kde | 6 Ios, Android, Gsconnect and 3 more | 2026-04-15 | 4.3 Medium |
| In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59. | ||||
| CVE-2025-66002 | 2 Kde, Smb4k | 2 Kde, Smb4k | 2026-04-15 | N/A |
| An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability allows local users ton perform arbitrary unmounts via smb4k mount helper | ||||
| CVE-2025-66003 | 2 Kde, Smb4k | 2 Kde, Smb4k | 2026-04-15 | N/A |
| An External Control of File Name or Path vulnerability in smb4k allowsl ocal users to perform a local root exploit via smb4k mounthelper if they can access and control the contents of a Samba shareThis issue affects smb4k: from ? before 4.0.5. | ||||
| CVE-2025-66270 | 3 Apple, Google, Kde | 6 Ios, Android, Gsconnect and 3 more | 2026-04-15 | 4.7 Medium |
| The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49. | ||||
| CVE-2025-32898 | 3 Apple, Google, Kde | 6 Ios, Android, Gsconnect and 3 more | 2026-04-15 | 4.7 Medium |
| The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59. | ||||
| CVE-2017-9604 | 1 Kde | 3 Kde, Kmail, Messagelib | 2025-04-20 | N/A |
| KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2012-4514 | 1 Kde | 1 Kde | 2025-04-11 | N/A |
| rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part." | ||||
| CVE-2012-4513 | 2 Kde, Redhat | 2 Kde, Enterprise Linux | 2025-04-11 | N/A |
| khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read. | ||||
| CVE-2012-4515 | 1 Kde | 1 Kde | 2025-04-11 | N/A |
| Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated. | ||||
| CVE-2012-4512 | 2 Kde, Redhat | 5 Kde, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2024-11-21 | 8.8 High |
| The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion." | ||||