KDE 漏洞与 CVE 列表(195)

产品(CPE): — CVE 数: 195

KDE 漏洞概览

汇总 KDE 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

已披露问题常与 输入验证问题、缓冲区溢出与跨站脚本 相关,可能在 生产负载与软件部署 场景中带来 异常行为与应用崩溃 等暴露风险。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 120195 CVE 数
«« 第一页 « 上一页 第 1 / 10 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2026-41526 In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \x01 can be used during injection. [email protected] 6.5 0.17% 2026-04-28 2026-06-17
CVE-2025-69412 KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration. [email protected] 3.4 0.24% 2025-12-31 2026-06-17
CVE-2025-32901 In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash. [email protected] 4.3 0.16% 2025-12-05 2026-06-17
CVE-2025-32899 In KDE Connect before 1.33.0 on Android, a packet can be crafted that causes two paired devices to unpair. Specifically, it is an invalid discovery packet sent over broadcast UDP. [email protected] 4.3 0.16% 2025-12-05 2026-06-17
CVE-2024-57966 libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive. [email protected] 5.0 0.26% 2025-02-03 2026-06-17
CVE-2024-36041 KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory. [email protected] 7.8 0.29% 2024-07-04 2026-06-17
CVE-2024-1433 A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of the argument pluginId leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 6cdf42916369ebf4ad5bd [email protected] 3.1 0.78% 2024-02-11 2026-06-17
CVE-2022-24986 KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands. [email protected] 7.8 0.24% 2022-02-26 2026-06-17
CVE-2022-23853 The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the directory of the file that was just opened (due to a misunderstanding of the QProcess API, that was never intended). This can be an untrusted directory. [email protected] 7.8 0.88% 2022-02-11 2026-06-17
CVE-2021-38373 In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked. [email protected] 5.3 0.53% 2021-08-10 2026-06-17
CVE-2021-38372 In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS. [email protected] 3.7 0.79% 2021-08-10 2026-06-17
CVE-2021-36083 KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE. [email protected] 5.5 0.94% 2021-06-30 2026-06-16
CVE-2021-31855 KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote server. With a crafted message, a user could be tricked into decrypting an encrypted message and then deleting an attachment attached to this message. If the attacker has access to the messages stored on the email server, then the [email protected] 6.5 0.60% 2021-06-02 2026-06-16
CVE-2021-28117 libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.) [email protected] 7.5 1.56% 2021-03-20 2026-06-16
CVE-2020-27187 An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related commands, while KDE Partition Manager is running. the mount command can then be used to gain full root privileges. [email protected] 7.8 0.42% 2020-10-26 2026-06-16
CVE-2020-26164 In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack. [email protected] 5.5 0.55% 2020-10-07 2026-06-16
CVE-2020-24654 In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. [email protected] 3.3 1.50% 2020-09-02 2026-06-16
CVE-2020-16116 In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. [email protected] 3.3 1.71% 2020-08-03 2026-06-16
CVE-2020-15954 KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use. [email protected] 6.5 0.65% 2020-07-27 2026-06-16
CVE-2020-13152 A remote user can create a specially crafted M3U file, media playlist file that when loaded by the target user, will trigger a memory leak, whereby Amarok 2.8.0 continue to waste resources over time, eventually allows attackers to cause a denial of service. [email protected] 5.5 3.43% 2020-05-20 2026-06-16
«« 第一页 « 上一页 第 1 / 10 页 下一页 »
cvelogic Threat Intelligence