OESA-2026-2508 qt6-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted...

OESA-2026-2470 qt5-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted...

OESA-2026-2469 qt5-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted...

OESA-2026-2468 qt5-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted...

UBUNTU-CVE-2025-14575

An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted certificate file placed in the application's working directory...

CVE-2025-14575 Uncontrolled Search Path Element in Qt Network OpenSSL TLS backend allows rogue CA certificate loading

An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted certificate file placed in the application's working directory...

Qt 代码问题漏洞

Qt is an open-source, cross-platform application development framework. Qt has code vulnerabilities, which stem from an issue with uncontrolled search path elements in the backend of OpenSSL TLS. This vulnerability allows local attackers to load malicious CA certificates as trusted system...

Astra Linux – Vulnerability in qt4-x11, qtbase-opensource-src

In Qt versions prior to 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there may be an application crash in QXmlStreamReader due to a crafted XML string, causing a situation where a prefix is greater than a certain length...

Astra Linux – Vulnerability in Qt4-X11

A issue was discovered in Qt between versions 5.12.9, 5.13.x, and 5.15.x up to 5.15.1. The readxbmbody function in gui/image/qxbmhandler.cpp has a buffer over-read issue...

Astra Linux – Vulnerability in qt4-x11, qtbase-opensource-src

A issue was discovered in Qt before version 5.15.15, in versions 6.x before 6.2.10, and in versions 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion...

Astra Linux – Vulnerability in qt4-x11, qtbase-opensource-src

A issue was discovered in Qt before version 5.15.15, in versions 6.x before 6.2.9, and in versions 6.3.x through 6.5.x before 6.5.1. When an SVG file containing an image is rendered, a QTextLayout buffer overflow can occur...

Astra Linux – Vulnerability in qtbase-opensource-src

In Qt 5.9.x through 5.15.x before 5.15.9, and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when it was not found in the PATH...

CVE-2025-14576

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...

DEBIAN-CVE-2025-14576

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...

CVE-2025-14576 Possible QML code injection in VectorImage component

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...

[SECURITY] Fedora 44 Update: qt6-qtwebengine-6.10.3-1.fc44

Qt6 - QtWebEngine components...

[SECURITY] Fedora 44 Update: qt6-qtgrpc-6.10.3-1.fc44

Protocol Buffers Protobuf is a cross-platform data format used to serialize structured data. gRPC provides a remote procedure call framework based on Protobuf. Qt provides tooling and classes to use these technologies...

[SECURITY] Fedora 44 Update: dtk6log-6.7.32-3.fc44

Simple, convenient and thread safe logger for Qt-based C++ apps...

[SECURITY] Fedora 44 Update: layer-shell-qt-6.6.4-1.fc44

This component is meant for applications to be able to easily use clients based on wlr-layer-shell...

MiracleLinux 9 : qt5-qtbase-5.15.9-9.el9 (AXSA:2024-8076:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8076:01 advisory. qt: incorrect integer overflow check CVE-2023-51714 qtbase: potential buffer overflow when reading KTX images CVE-2024-25580 Tenable has extracted t...