📦

qt

Vendor: qt

Actively Exploited 0 CISA KEV List

PoC / Exploits 1 Code Available

Total RCEs 7 Remote Access

Total CVEs 128 Total Indexed

Avg. EPSS 1.79% Exploit Prob.

Latest CVE CVE-2025-5683 Jun 05

Security Vulnerability Index

Page 5 / 13

9.8 CVSS

CVE-2017-10904

RCE

Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

EPSS: 0.97%

Severity: CRITICAL

Dec 16, 2017

7.5 CVSS

CVE-2017-15011

The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.

EPSS: 0.83%

Severity: HIGH

Oct 04, 2017

5.1 CVSS

CVE-2015-7298

ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.

EPSS: 0.25%

Severity: MEDIUM

Oct 26, 2015

6.8 CVSS

CVE-2015-1860

Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.

EPSS: 6.36%

Severity: MEDIUM

May 12, 2015

6.8 CVSS

CVE-2015-1859

Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.

EPSS: 4.40%

Severity: MEDIUM

May 12, 2015

6.8 CVSS

CVE-2015-1858

Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.

EPSS: 2.57%

Severity: MEDIUM

May 12, 2015

4.3 CVSS

CVE-2014-0190

The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.

EPSS: 1.08%

Severity: MEDIUM

May 08, 2014

5.0 CVSS

CVE-2013-4549

QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.

EPSS: 5.22%

Severity: MEDIUM

Dec 23, 2013

6.8 CVSS

CVE-2013-4422

SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.

EPSS: 0.67%

Severity: MEDIUM

Oct 23, 2013

4.3 CVSS

CVE-2012-6093

The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.

EPSS: 2.28%

Severity: MEDIUM

Feb 24, 2013

Displaying 10 of 128 Total Entries

3 4 5 6 7 ... 13

Total 13 Sections