In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kis_tga_import.cpp (aka KisTgaImport). Control flow proceeds even when a number of pixels becomes negative.

CVE Database V5

Detailed information about CVE-2025-59820: CWE-1284 Improper Validation of Specified Quantity in Input in KDE Krita affecting KDE Krita. Get real-time updates, 

CVE-2025-59820: CWE-1284 Improper Validation of Specified Quantity in Input in KDE Krita - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-59820: CWE-1284 Improper Validation of Specified Quantity in Input in KDE Krita

In KDE Skanpage before 25.08.0, an attempt at file overwrite can result in the contents of the new file at the beginning followed by the partial contents of the old file at the end, because of use of QIODevice::ReadWrite instead of QODevice::WriteOnly.

CVE-2025-55174 is a vulnerability identified in KDE Skanpage, a scanning application commonly used on Linux desktops, prior to version 25.08.0. The root cause lies in the incorrect use of the Qt framework's file handling mode: the application uses QIODevice::ReadWrite instead of QIODevice::WriteOnly when overwriting files. This improper provision of specified functionality (CWE-684) results in a file overwrite operation that does not fully replace the old file's contents. Instead, the new file begins with the new data but is followed by residual data from the previous file, causing partial data leakage. This behavior can inadvertently expose fragments of previously stored information, potentially leading to confidentiality breaches. The vulnerability has a CVSS 3.1 base score of 3.2, reflecting low severity. The attack vector is local (AV:L), requiring the attacker to have local access to the system. The attack complexity is high (AC:H), meaning exploitation is not straightforward. No privileges are required (PR:N), and no user interaction is necessary (UI:N). The scope is changed (S:C), indicating that the vulnerability affects resources beyond the initially vulnerable component. The impact is limited to confidentiality (C:L), with no impact on integrity (I:N) or availability (A:N). There are no known exploits in the wild, and no patches were linked at the time of this report, but it is expected that KDE will release a fix in subsequent versions. The vulnerability is primarily a concern for users who handle sensitive scanned documents and rely on Skanpage for file management. Improper file overwrite could lead to unintended data disclosure if old file fragments are exposed.

Detailed information about CVE-2025-55174: CWE-684 Incorrect Provision of Specified Functionality in KDE Skanpage affecting KDE Skanpage. Get real-time updates,

CVE-2025-55174: CWE-684 Incorrect Provision of Specified Functionality in KDE Skanpage - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-55174: CWE-684 Incorrect Provision of Specified Functionality in KDE Skanpage

CVE-2025-66235 was reserved by Fortinet on November 25, 2025, as indicated by the CVE database entry. However, the vulnerability was subsequently marked as REJECTED, meaning that after evaluation, the CVE Numbering Authority determined that the issue does not meet the criteria for a valid vulnerability or was a duplicate or otherwise invalid entry. There are no affected versions, no technical details, no CWE identifiers, no patch links, and no known exploits in the wild. The lack of a CVSS score and absence of any public technical information further confirm that this entry does not represent an active or exploitable security vulnerability. As such, it does not pose a threat to any systems or organizations.

Detailed information about CVE-2025-66235. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-66235 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-66235

The CVE-2025-66234 entry originates from the CVE Database and is assigned by Fortinet; however, it is marked as 'REJECTED' and contains no technical details, affected product versions, or exploit information. The lack of a CVSS score and absence of patch or mitigation details indicate that this vulnerability record was either a duplicate, invalid, or otherwise not accepted as a valid security issue. No indicators of compromise or exploitation in the wild have been reported. Consequently, there is no substantive information to analyze regarding the nature, mechanism, or impact of this vulnerability.

Detailed information about CVE-2025-66234. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-66234 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-66234

The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements

Detailed information about CVE-2025-12061: CWE-862 Missing Authorization in TAX SERVICE Electronic HDM affecting null TAX SERVICE Electronic HDM. Get real-time 

CVE-2025-12061: CWE-862 Missing Authorization in TAX SERVICE Electronic HDM

CVE-2025-12061: CWE-862 Missing Authorization in TAX SERVICE Electronic HDM

Description

Technical Details

Community Reviews

Related Threats

CVE-2025-59820: CWE-1284 Improper Validation of Specified Quantity in Input in KDE Krita

CVE-2025-55174: CWE-684 Incorrect Provision of Specified Functionality in KDE Skanpage

CVE-2025-66235

CVE-2025-66234

CVE-2025-66233

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility