CVE-2025-14576

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...

[SECURITY] Fedora 42 Update: qt6-qtwebchannel-6.9.3-1.fc42

The Qt WebChannel module provides a library for seamless integration of C++ and QML applications with HTML/JavaScript clients. Any QObject can be published to remote clients, where its public API becomes available...