Lucene search
K

223 matches found

OSV
OSV
added 2025/06/02 9:15 a.m.2 views

UBUNTU-CVE-2025-5455

An issue was found in the private API function qDecodeDataUrl in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value such as...

8.4CVSS6.4AI score0.00309EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/02 12:0 a.m.2 views

Qt 输入验证错误漏洞

Qt is a cross-platform application development framework from the Qt open source. An input validation error vulnerability exists in Qt versions 5.15.18 and earlier, 6.0.0 through 6.5.8, 6.6.0 through 6.8.3, and 6.9.0, which results in a denial of service when malformed data is processed by functi...

8.4CVSS6.3AI score0.00309EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 8:23 a.m.9 views

CVE-2019-11351

TeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt framework...

9.3CVSS8AI score0.03901EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:5 a.m.5 views

CVE-2017-15011

The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service application crash via an unspecified string...

7.5CVSS7.4AI score0.01399EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/18 2:15 p.m.20 views

CVE-2025-4211

A flaw was found in the QFileSystemEngine in the Qt corelib module on Windows. The vulnerability arises when using the GetTempPath API, which allows attackers to manipulate temporary file paths, potentially leading to unauthorized access and privilege escalation. The affected public API in the Qt...

7.3CVSS7.2AI score0.0017EPSS
Exploits0References4
NVD
NVD
added 2025/05/16 2:15 p.m.26 views

CVE-2025-4211

Improper Link Resolution Before File Access 'Link Following' vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-38081. The vulnerability arises from the use of the GetTempPa...

7.3CVSS0.0017EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/16 1:25 p.m.22 views

CVE-2025-4211 Improper Link Resolution Before File Access in QFileSystemEngine on Windows

Improper Link Resolution Before File Access 'Link Following' vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-38081. The vulnerability arises from the use of the GetTempPa...

7.3CVSS6.3AI score0.0017EPSS
Exploits0References1
CVE
CVE
added 2025/05/16 1:25 p.m.76 views

CVE-2025-4211

Qt: CVE-2025-4211 affects the Qt corelib QFileSystemEngine on Windows, via QDir::tempPath() (and uses like QStandardPaths/TempLocation, QTemporaryDir, QTemporaryFile). Root cause is improper link resolution before file access, enabling potential symlink attacks and malicious file handling. Affect...

7.3CVSS6.3AI score0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/16 1:25 p.m.28 views

CVE-2025-4211 Improper Link Resolution Before File Access in QFileSystemEngine on Windows

Improper Link Resolution Before File Access 'Link Following' vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-38081. The vulnerability arises from the use of the GetTempPa...

7.3CVSS0.0017EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/04/24 12:0 a.m.6 views

The vulnerability of the QXmlStreamReader class in the cross-platform framework for Qt software development allows a attacker to cause a service failure.

The vulnerability of the QXmlStreamReader class in the cross-platform framework for Qt software development is related to an incorrect restriction on recursive references to entities in the DTD. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8CVSS7.3AI score0.02489EPSS
Exploits0References9Affected Software7
OSV
OSV
added 2025/04/11 1:42 p.m.6 views

OESA-2025-1387 qt5-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string with relocation of later data.CVE-2025-30348...

5.8CVSS7AI score0.00343EPSS
Exploits0References2
OSV
OSV
added 2025/04/11 1:42 p.m.2 views

OESA-2025-1386 qt5-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string with relocation of later data.CVE-2025-30348...

5.8CVSS7AI score0.00343EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/21 12:0 a.m.3 views

Qt 安全漏洞

Qt is a cross-platform application development framework from the Qt open source. A security vulnerability exists in versions prior to Qt 6.8.0, which stems from the encodeText function in QDom involving a complex XML string copy and replace algorithm...

5.8CVSS6.4AI score0.00343EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2025/02/03 12:0 a.m.6 views

The vulnerability of the qdrawhelper_p.h component of the cross-platform development framework for Qt software, which allows a hacker to trigger a service failure.

The vulnerability of the qdrawhelperp.h component of the cross-platform framework for developing Qt software relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...

7.1CVSS7AI score0.00511EPSS
Exploits1References10Affected Software11
SUSE CVE
SUSE CVE
added 2025/01/26 3:47 a.m.4 views

SUSE CVE-2025-23050

QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read or division by zero. This is fixed in 5.15.19, 6.5.9, and 6.8.2...

5.3CVSS6.9AI score0.00172EPSS
Exploits0References6
Redos
Redos
added 2025/01/21 12:0 a.m.9 views

ROS-20250418-01

A vulnerability in the gui/util/qktxhandler.cpp component of the KTX image processing module of the cross-platform Qt software development framework is related to a buffer overrun. Qt software development framework is related to an operation exceeding buffer boundaries in memory. memory...

6.5CVSS6.9AI score0.00452EPSS
Exploits0
Redos
Redos
added 2025/01/21 12:0 a.m.7 views

ROS-20250121-11

A vulnerability in the QTextLayout component of the cross-platform software development framework Qt is related to buffer copying without input validation. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service using a specially crafted file SVG A...

7.5CVSS8AI score0.0306EPSS
Exploits4
BDU FSTEC
BDU FSTEC
added 2024/11/07 12:0 a.m.7 views

The vulnerability of the cross-platform software development framework Qt, related to writing beyond the buffer boundaries, allows attackers to trigger a service failure.

The vulnerability of the cross-platform software development framework Qt is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.8CVSS6.3AI score0.01343EPSS
Exploits1References17Affected Software5
Amazon
Amazon
added 2024/11/01 12:0 a.m.3 views

Important: qt5-qtsvg

Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...

8.6CVSS7.3AI score0.00494EPSS
Exploits0
Amazon
Amazon
added 2024/11/01 12:0 a.m.11 views

Important: qt5-qtxmlpatterns

Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...

8.6CVSS7.8AI score0.00494EPSS
Exploits0
Rows per page
Query Builder