randshell

4 exploits Active since Dec 2025
CVE-2025-32898 GITLAB MEDIUM WORKING POC
KDE Connect <2025-04-18 - Info Disclosure
The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59.
CVSS 4.7
CVE-2025-32899 GITLAB MEDIUM WORKING POC
KDE Connect < 1.33.0 - Unauthenticated Device Unpairing via Broadcast UDP Discovery Packet
In KDE Connect before 1.33.0 on Android, a packet can be crafted that causes two paired devices to unpair. Specifically, it is an invalid discovery packet sent over broadcast UDP.
CVSS 4.3
CVE-2025-32900 GITLAB MEDIUM WORKING POC
KDE Connect <2025-04-18 - Info Disclosure
In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59.
CVSS 4.3
CVE-2025-32901 GITLAB MEDIUM WORKING POC
KDEConnect < 1.33.0 - Denial of Service via Malicious Device ID
In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash.
CVSS 4.3