2960 matches found
Astra Linux - vulnerability in ktexteditor, kate
The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 attempts to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will attempt to run the LSP server binary in the directory of the...
Astra Linux - vulnerability in konsole
KDE Konsole prior to version 25.04.2 allowed remote code execution in certain scenarios. It supported loading URLs from scheme handlers such as ssh://, telnet://, or rlogin:// URLs. This could be executed regardless of whether the ssh, telnet, or rlogin binary was available. In this mode, there w...
Astra Linux - vulnerability in plasma-workspace
In KDE Plasma Workspaces (also known as plasma-workspace) before 5.27.11.1, and 6.x before 6.0.5.1, connections were made via ICE, purely based on the host system. This means that all local connections were accepted. This allowed another user on the same machine to gain access t...
Fedora 44 : emacs (2026-ea9adf4496)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ea9adf4496 advisory. Recent KDEs default to Wayland, so Suggest PGTK build there. ---- libpixbufloader-xpm.so no-longer required with recent Glycin. Tenable has extracted the...
Linux Distros Unpatched Vulnerability : CVE-2026-41525
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KDE Dolphin before 25.12.3 allows applications in a Flatpak or with AppArmor confinement to open folders outside of the application sandbox without additional...
CVE-2026-41525
A flaw was found in KDE Dolphin. This vulnerability allows applications operating within a Flatpak or AppArmor sandbox to bypass security restrictions. By exploiting the FileManager1 protocol, a malicious application can prompt users to open files, including scripts or executables, located outsid...
CVE-2026-41525
KDE Dolphin before 25.12.3 allows applications in a Flatpak or with AppArmor confinement to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or...
UBUNTU-CVE-2026-41525
KDE Dolphin before 25.12.3 allows applications in a Flatpak or with AppArmor confinement to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or...
SUSE CVE-2026-42095
bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL...
CVE-2026-41525
KDE Dolphin before 25.12.3 allows applications in a Flatpak or with AppArmor confinement to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or...
CVE-2026-41526
In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...
PT-2026-35678
Name of the Vulnerable Software and Affected Versions: KDE KCoreAddons versions prior to 6.25. Description: The KShell::quoteArgs function is designed to safely quote arguments for shell commands. However, it fails to adequately handle metacharacters, which can lead to a shell escape. Applications...
CVE-2026-41525
KDE Dolphin before 25.12.3 allows applications in a Flatpak or with AppArmor confinement to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or...
Linux Distros Unpatched Vulnerability : CVE-2026-42095
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL. CVE-2026-42095 Note that Nessus relies on th...
[SECURITY] Fedora 44 Update: smb4k-4.0.6-1.fc44
Smb4K is an SMB/CIFS share browser for KDE. It uses the Samba software suite to access the SMB/CIFS shares of the local network neighborhood. Its purpose is to provide a program that's easy to use and has as many features as possible...
UBUNTU-CVE-2026-42095
bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL...
CVE-2026-42095
bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL...
CVE-2026-42095
bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL...
CVE-2026-42095
CVE-2026-42095 affects bookserver in KDE Arianna up to version 26.04.0 (pre-26.04.1). Affected component allows an attacker with local access to read arbitrary files by guessing a URL over a socket connection, as described in the vulnerability description. Root cause: insufficient access control ...
CVE-2026-41527
KDE Kleopatra (Windows) is affected by CVE-2026-41527, with the vulnerable component being the single-instance mechanism implemented by KUniqueService. The issue allows local users to escalate privileges to a Kleopatra user by exploiting a flaw that prevents proper enforcement of a single running...