plasma-workspace prior to 5.1.95 allows remote malicious users to obtain passwords via a Trojan horse Look and Feel package.
kde plasma-workspace