Kdeconnect

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:kde:kdeconnect:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorKde (d8ba08cf-7ec1-5504-a5b9-f8cfa50ca850)
ProductKdeconnect (115dd4a2-37b8-5792-a989-a8300726ae65)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:deb/debian/kdeconnect purl2cpe 2026-06-01 10:14:05.072565
pkg:deb/ubuntu/kdeconnect purl2cpe 2026-06-01 10:14:05.072568
pkg:github/kde/kdeconnect-kde purl2cpe 2026-06-01 10:14:05.072571

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-32901 vulnerable 2026-06-03 15:00:42.246208 Details available
MEDIUM (4.3)
In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash.
Published: 2025-12-05T00:00:00.000Z
Updated: 2025-12-05T14:33:55.971Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-32899 vulnerable 2026-06-03 15:00:42.243991 Details available
MEDIUM (4.3)
In KDE Connect before 1.33.0 on Android, a packet can be crafted that causes two paired devices to unpair. Specifically, it is an invalid discovery packet sent over broadcast UDP.
Published: 2025-12-05T00:00:00.000Z
Updated: 2025-12-05T14:34:45.440Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-26164 vulnerable 2026-06-03 14:42:16.368050 Details available
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
Published: 2020-10-07T18:07:51.000Z
Updated: 2024-08-04T15:49:07.217Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.