Plasma Workspace 安全漏洞

Plasma Workspace is an open-source application developed by the KDE GitHub Mirror project. It serves to run various components required for a Plasma-based environment. Plasma Workspace has a security vulnerability that stems from multiple issues, which may allow an infected plasmalogin service...

CVE-2026-41525

KDE Dolphin before 25.12.3 allows applications in a Flatpak or with AppArmor confinement to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or...

CVE-2026-41526

In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...

[SECURITY] Fedora 44 Update: qt6ct-0.11-13.20250907git23a985f.fc44

This program allows users to configure Qt6 settings theme, font, icons, etc. under DE/WM without Qt integration...

CVE-2026-42095

bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL...

[SECURITY] Fedora 43 Update: smb4k-4.0.6-1.fc43

Smb4K is an SMB/CIFS share browser for KDE. It uses the Samba software suite to access the SMB/CIFS shares of the local network neighborhood. Its purpose is to provide a program that's easy to use and has as many features as possible...

[SECURITY] Fedora 44 Update: plasma-systemsettings-6.6.4-1.fc44

KDE System Settings application...

[SECURITY] Fedora 44 Update: plasma-thunderbolt-6.6.4-1.fc44

Plasma Sytem Settings module and a KDED module to handle authorization of Thunderbolt devices connected to the computer. There's also a shared library libkbolt that implements common interface between the modules and the system-wide bolt daemon, which does the actual hard work of talking to the...

[SECURITY] Fedora 44 Update: polkit-kde-6.6.4-1.fc44

Provides Policy Kit Authentication Agent that nicely fits to KDE...

[SECURITY] Fedora 44 Update: plasma-print-manager-6.6.4-1.fc44

Printer management for KDE...

[SECURITY] Fedora 44 Update: kmenuedit-6.6.4-1.fc44

KDE menu editor...

[SECURITY] Fedora 44 Update: kwayland-integration-6.6.4-1.fc44

Provides integration plugins for various KDE Frameworks for Wayland...

[SECURITY] Fedora 44 Update: kf6-kdbusaddons-6.25.0-1.fc44

KDBusAddons provides convenience classes on top of QtDBus, as well as an API to create KDED modules...

[SECURITY] Fedora 44 Update: kde-cli-tools-6.6.4-1.fc44

Provides several KDE and Plasma specific command line tools to allow better interaction with the system...

CVE-2026-35207

dde-control-center is the control panel of DDE, the Deepin Desktop Environment. plugin-deepinid is a plugin in dde-control-center, which provides the deepinid cloud service. Prior to 6.1.80, plugin-deepinid is configured to skip TLS certificate verification when fetching the user's avatar from...

[SECURITY] Fedora 43 Update: gnome-remote-desktop-49.3-2.fc43

GNOME Remote Desktop is a remote desktop and screen sharing service for the GNOME desktop environment...

CVE-2026-23852

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 have a stored Cross-Site Scripting XSS vulnerability that allows an attacker to inject arbitrary HTML attributes into the icon attribute of a block via the /api/attr/setBlockAttrs API. The payload is later rendered in the...

CVE-2026-23852

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 have a stored Cross-Site Scripting XSS vulnerability that allows an attacker to inject arbitrary HTML attributes into the icon attribute of a block via the /api/attr/setBlockAttrs API. The payload is later rendered in the...

MiracleLinux 7 : kdelibs-4.14.8-6.el7 (AXSA:2017-1655:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1655:01 advisory. Libraries for KDE 4. Security issues fixed with this release: CVE-2017-8422 KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root...

CVE-2021-2167

Vulnerability in the Oracle Solaris product of Oracle Systems component: Common Desktop Environment. The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle...