VYPR
Vendor: Qt
Products: 13
CVEs: 52
Across products: 58
Status: Private

Recent CVEs

  • CVE-2017-10904 | Critical | Dec 16, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

  • CVE-2025-10729 | Critical | Oct 3, 2025
    risk 0.61 | cvss - | epss 0.00

    The module will parse a node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.

  • CVE-2025-10728 | Critical | Oct 3, 2025
    risk 0.61 | cvss - | epss 0.00

    When the module renders an SVG file that contains a element, it might end up rendering it recursively, leading to a stack overflow DoS.

  • CVE-2025-6338 | Critical | Oct 16, 2025
    risk 0.60 | cvss - | epss 0.00

    There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period. This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0 before 6.9.2.

  • CVE-2025-12385 | High | Dec 3, 2025
    risk 0.57 | cvss - | epss 0.00

    Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text…

  • CVE-2015-1290 | High | Jan 9, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.

  • CVE-2025-5455 | High | Jun 2, 2025
    risk 0.55 | cvss - | epss 0.00

    An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, a URL that contained a "charset" parameter that lacked a…

  • CVE-2025-14576 | High | Apr 30, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead…

  • CVE-2017-15011 | High | Oct 4, 2017
    risk 0.49 | cvss 7.5 | epss 0.01

    The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.

  • CVE-2025-4211 | High | May 16, 2025
    risk 0.47 | cvss - | epss 0.00

    Improper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-38081. The vulnerability arises from the…

  • CVE-2023-45872 | Medium | Oct 9, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    An issue was discovered in Qt before 6.2.11 and 6.3.x through 6.6.x before 6.6.1. When a QML image refers to an image whose content is not known yet, there is an assumption that it is an SVG document, leading to a denial of service (application crash) if it is not actually an…

  • CVE-2016-10040 | Medium | Mar 7, 2017
    risk 0.36 | cvss 5.5 | epss 0.02

    Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via an XML file with multiple nested open tags.

  • CVE-2015-8079 | Medium | Sep 7, 2017
    risk 0.35 | cvss 5.3 | epss 0.01

    qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db.

  • CVE-2017-10905 | Medium | Dec 16, 2017
    risk 0.34 | cvss 5.3 | epss 0.01

    A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.

  • CVE-2025-3512 | Medium | Apr 11, 2025
    risk 0.31 | cvss - | epss 0.00

    There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow. This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be…

  • CVE-2023-45935 | Medium | Mar 27, 2024
    risk 0.27 | cvss 4.2 | epss 0.00

    Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X…

  • CVE-2025-5992 | Low | Jul 11, 2025
    risk 0.15 | cvss - | epss 0.00

    When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile. This issue affects Qt from 6.6.0 through 6.8.3, from…

  • CVE-2025-5991 | Low | Jun 11, 2025
    risk 0.14 | cvss - | epss 0.00

    There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and…

  • CVE-2025-14575 | Low | May 19, 2026
    risk 0.12 | cvss - | epss 0.00

    An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network (qtbase) in Qt Qt Framework (Unix) allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted certificate file placed in the application's working…

  • CVE-2009-1551 | May 6, 2009
    risk 0.05 | cvss - | epss 0.27

    Multiple PHP remote file inclusion vulnerabilities in Qt quickteam 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) qte_web_path parameter to qte_web.php and the (2) qte_root parameter to bin/qte_init.php.