CVE-2025-62185

In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...

CVE-2025-62187

In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux media file pathnames are not necessarily relative to the media folder...

CVE-2025-62186

Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling...

CVE-2025-62187

In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux media file pathnames are not necessarily relative to the media folder...

CVE-2025-62187

In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux media file pathnames are not necessarily relative to the media folder...

CVE-2025-62185

In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...

CVE-2025-62186

Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling...

CVE-2025-62186

Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling...

CVE-2025-62185

In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...

CVE-2025-62185

In Ankitects Anki prior to 25.02.5, a crafted shared deck can place a YouTube downloader executable (names include youtube-dl.exe, yt-dlp.exe, or yt-dlp_x86.exe) in the media folder. This executable can be run when a YouTube link is present in the deck, enabling potential arbitrary code execution...

CVE-2025-62186

Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling...

EUVD-2025-32877

In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux media file pathnames are not necessarily relative to the media folder...

CVE-2025-62187

In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux media file pathnames are not necessarily relative to the media folder...

CVE-2025-62187

In Ankitects Anki prior to 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux because media file pathnames are not necessarily relative to the media folder. The vulnerability affects the media handling component and arises from impro...

EUVD-2025-32878

Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling...

CVE-2025-62185

In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...

CVE-2025-62186

Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling...

PT-2025-41187

Name of the Vulnerable Software and Affected Versions Anki versions prior to 25.02.5 Description A specially designed shared deck can place a YouTube downloader executable in the media folder. This executable is then run when a YouTube link is present within the deck. The executable may be named...

Ankitects Anki 代码问题漏洞

Ankitects Anki is an open source program by the individual developers of Ankitects to help remember information through the use of flash cards. A code issue vulnerability exists in Ankitects Anki versions prior to 25.02.5, which stems from a specially crafted shared deck that can place a YouTube...

Ankitects Anki 安全漏洞

Ankitects Anki is an open source program by the individual developers of Ankitects to help memorize information through the use of flash cards. A security vulnerability exists in Ankitects Anki versions prior to 25.02.5, which stems from improper handling of the URL scheme and could lead to the...