{"url":"http://public2.vulnerablecode.io/api/packages/100391?format=json","purl":"pkg:deb/debian/kdeconnect@25.04.2-1%2Bdeb13u1?distro=trixie","type":"deb","namespace":"debian","name":"kdeconnect","version":"25.04.2-1+deb13u1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"25.11.80+git20251121.7090b106-1","latest_non_vulnerable_version":"26.04.0-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5823?format=json","vulnerability_id":"VCID-9168-q7b3-1bhr","summary":"arbitrary code execution","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26164","reference_id":"","reference_type":"","scores":[{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27013","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.2711","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27102","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27062","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27021","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26164"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971736","reference_id":"971736","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971736"},{"reference_url":"https://security.archlinux.org/ASA-202010-7","reference_id":"ASA-202010-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202010-7"},{"reference_url":"https://security.archlinux.org/AVG-1241","reference_id":"AVG-1241","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1241"},{"reference_url":"https://security.gentoo.org/glsa/202101-16","reference_id":"GLSA-202101-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202101-16"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/100388?format=json","purl":"pkg:deb/debian/kdeconnect@20.08.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kdeconnect@20.08.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100389?format=json","purl":"pkg:deb/debian/kdeconnect@20.12.3-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9hj8-84ty-s3dm"},{"vulnerability":"VCID-v6vz-888x-4bcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kdeconnect@20.12.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100387?format=json","purl":"pkg:deb/debian/kdeconnect@22.12.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9hj8-84ty-s3dm"},{"vulnerability":"VCID-v6vz-888x-4bcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kdeconnect@22.12.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100391?format=json","purl":"pkg:deb/debian/kdeconnect@25.04.2-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kdeconnect@25.04.2-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100390?format=json","purl":"pkg:deb/debian/kdeconnect@26.04.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kdeconnect@26.04.0-1%3Fdistro=trixie"}],"aliases":["CVE-2020-26164"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9168-q7b3-1bhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70752?format=json","vulnerability_id":"VCID-9hj8-84ty-s3dm","summary":"In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32900","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06844","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06889","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06874","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06837","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32900"},{"reference_url":"https://kde.org/info/security/advisory-20250418-2.txt","reference_id":"advisory-20250418-2.txt","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-05T14:14:09Z/"}],"url":"https://kde.org/info/security/advisory-20250418-2.txt"},{"reference_url":"https://kdeconnect.kde.org","reference_id":"kdeconnect.kde.org","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-05T14:14:09Z/"}],"url":"https://kdeconnect.kde.org"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/100393?format=json","purl":"pkg:deb/debian/kdeconnect@25.04.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kdeconnect@25.04.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100391?format=json","purl":"pkg:deb/debian/kdeconnect@25.04.2-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kdeconnect@25.04.2-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100390?format=json","purl":"pkg:deb/debian/kdeconnect@26.04.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kdeconnect@26.04.0-1%3Fdistro=trixie"}],"aliases":["CVE-2025-32900"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hj8-84ty-s3dm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70753?format=json","vulnerability_id":"VCID-kdv8-b6u6-2kbt","summary":"The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66270","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.064","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06344","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06337","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06382","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0639","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66270"},{"reference_url":"https://invent.kde.org/network/kdeconnect-kde/-/commit/4e53bcdd5d4c28bd9fefd114b807ce35d7b3373e","reference_id":"4e53bcdd5d4c28bd9fefd114b807ce35d7b3373e","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-05T17:21:15Z/"}],"url":"https://invent.kde.org/network/kdeconnect-kde/-/commit/4e53bcdd5d4c28bd9fefd114b807ce35d7b3373e"},{"reference_url":"https://invent.kde.org/network/kdeconnect-android/-/commit/675d2d24a1eb95d15d9e5bde2b7e2271d5ada6a9","reference_id":"675d2d24a1eb95d15d9e5bde2b7e2271d5ada6a9","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-05T17:21:15Z/"}],"url":"https://invent.kde.org/network/kdeconnect-android/-/commit/675d2d24a1eb95d15d9e5bde2b7e2271d5ada6a9"},{"reference_url":"https://invent.kde.org/network/kdeconnect-ios/-/commit/6c003c22d04270cabc4b262d399c753d55cf9080","reference_id":"6c003c22d04270cabc4b262d399c753d55cf9080","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-05T17:21:15Z/"}],"url":"https://invent.kde.org/network/kdeconnect-ios/-/commit/6c003c22d04270cabc4b262d399c753d55cf9080"},{"reference_url":"https://github.com/andyholmes/valent/commit/85f773124a67ed1add79e7465bb088ec667cccce","reference_id":"85f773124a67ed1add79e7465bb088ec667cccce","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-05T17:21:15Z/"}],"url":"https://github.com/andyholmes/valent/commit/85f773124a67ed1add79e7465bb088ec667cccce"},{"reference_url":"https://github.com/GSConnect/gnome-shell-extension-gsconnect/commit/a38246deec0af50ae218cdc51db32cdd7eb145e3","reference_id":"a38246deec0af50ae218cdc51db32cdd7eb145e3","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-05T17:21:15Z/"}],"url":"https://github.com/GSConnect/gnome-shell-extension-gsconnect/commit/a38246deec0af50ae218cdc51db32cdd7eb145e3"},{"reference_url":"https://kde.org/info/security/advisory-20251128-1.txt","reference_id":"advisory-20251128-1.txt","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-05T17:21:15Z/"}],"url":"https://kde.org/info/security/advisory-20251128-1.txt"},{"reference_url":"https://usn.ubuntu.com/7905-1/","reference_id":"USN-7905-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7905-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/100395?format=json","purl":"pkg:deb/debian/kdeconnect@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kdeconnect@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100389?format=json","purl":"pkg:deb/debian/kdeconnect@20.12.3-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9hj8-84ty-s3dm"},{"vulnerability":"VCID-v6vz-888x-4bcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kdeconnect@20.12.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100387?format=json","purl":"pkg:deb/debian/kdeconnect@22.12.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9hj8-84ty-s3dm"},{"vulnerability":"VCID-v6vz-888x-4bcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kdeconnect@22.12.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100391?format=json","purl":"pkg:deb/debian/kdeconnect@25.04.2-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kdeconnect@25.04.2-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100397?format=json","purl":"pkg:deb/debian/kdeconnect@25.11.80%2Bgit20251121.7090b106-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kdeconnect@25.11.80%252Bgit20251121.7090b106-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100390?format=json","purl":"pkg:deb/debian/kdeconnect@26.04.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kdeconnect@26.04.0-1%3Fdistro=trixie"}],"aliases":["CVE-2025-66270"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kdv8-b6u6-2kbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70751?format=json","vulnerability_id":"VCID-v6vz-888x-4bcy","summary":"The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32898","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14487","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14585","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14589","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14549","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14464","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32898"},{"reference_url":"https://kde.org/info/security/advisory-20250418-3.txt","reference_id":"advisory-20250418-3.txt","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-05T14:40:10Z/"}],"url":"https://kde.org/info/security/advisory-20250418-3.txt"},{"reference_url":"https://kdeconnect.kde.org","reference_id":"kdeconnect.kde.org","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-05T14:40:10Z/"}],"url":"https://kdeconnect.kde.org"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/100393?format=json","purl":"pkg:deb/debian/kdeconnect@25.04.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kdeconnect@25.04.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100391?format=json","purl":"pkg:deb/debian/kdeconnect@25.04.2-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kdeconnect@25.04.2-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100390?format=json","purl":"pkg:deb/debian/kdeconnect@26.04.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kdeconnect@26.04.0-1%3Fdistro=trixie"}],"aliases":["CVE-2025-32898"],"risk_score":1.2,"exploitability":"0.5","weighted_severity":"2.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6vz-888x-4bcy"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kdeconnect@25.04.2-1%252Bdeb13u1%3Fdistro=trixie"}