VYPR

Messagelib

by KDE

Source repositories

CVEs (4)

  • CVE-2017-9604HigJun 13, 2017
    risk 0.49cvss 7.5epss 0.01

    KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the…

  • CVE-2025-69412LowJan 1, 2026
    risk 0.22cvss 3.4epss 0.00

    KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.

  • CVE-2021-31855Jun 2, 2021
    risk 0.00cvss epss 0.01

    KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote server.…

  • CVE-2018-19516Mar 12, 2020
    risk 0.00cvss epss 0.01

    messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value.