Lucene search
K

134 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-59153

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files and web pages for parts of its...

2.1CVSS6.1AI score0.00181EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-58266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal...

6.5CVSS6.2AI score0.00169EPSS
Exploits0References2
OSV
OSV
added 2026/07/07 10:16 p.m.3 views

DEBIAN-CVE-2026-58266

Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can access this API despite protections intended to block reviewer and edito...

6.5CVSS6.2AI score0.00169EPSS
Exploits0References1
NVD
NVD
added 2026/07/07 10:16 p.m.12 views

CVE-2026-59153

Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files and web pages for parts of its interface, but requests from other origins were not sufficiently blocked. A malicious website could potentially trigger side-effecting...

2.1CVSS0.00181EPSS
Exploits0References4
NVD
NVD
added 2026/07/07 10:16 p.m.8 views

CVE-2026-58266

Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can access this API despite protections intended to block reviewer and edito...

6.5CVSS0.00169EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 10:16 p.m.6 views

DEBIAN-CVE-2026-59153

Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files and web pages for parts of its interface, but requests from other origins were not sufficiently blocked. A malicious website could potentially trigger side-effecting...

2.1CVSS6AI score0.00181EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/07 9:13 p.m.7 views

CVE-2026-58266

Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can access this API despite protections intended to block reviewer and edito...

6.5CVSS6AI score0.00169EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/07/07 9:13 p.m.10 views

CVE-2026-58266

The CVE-2026-58266 issue affects Anki prior to 25.09.4, where webview pages expose the internal localhost API to user scripts loaded in iframes. This allows a malicious imported card package with an embedded iframe to call exposed API methods (e.g., getImageForOcclusion) and read files accessible...

6.5CVSS6AI score0.00169EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 9:13 p.m.5 views

CVE-2026-58266 Anki: User scripts in iframes have access to the internal Anki API

Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can access this API despite protections intended to block reviewer and edito...

6.5CVSS6AI score0.00169EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/07 9:13 p.m.23 views

CVE-2026-58266 Anki: User scripts in iframes have access to the internal Anki API

Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can access this API despite protections intended to block reviewer and edito...

6.5CVSS0.00169EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/07/07 9:13 p.m.4 views

CVE-2026-58266

Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can access this API despite protections intended to block reviewer and edito...

6.5CVSS6AI score0.00169EPSS
Exploits0
Cvelist
Cvelist
added 2026/07/07 9:11 p.m.22 views

CVE-2026-59153 Anki's local HTTP server does not sufficiently validate requests

Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files and web pages for parts of its interface, but requests from other origins were not sufficiently blocked. A malicious website could potentially trigger side-effecting...

2.1CVSS0.00181EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/07 9:11 p.m.7 views

CVE-2026-59153

Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files and web pages for parts of its interface, but requests from other origins were not sufficiently blocked. A malicious website could potentially trigger side-effecting...

2.1CVSS6AI score0.00181EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/07/07 9:11 p.m.8 views

CVE-2026-59153

Anki’s local HTTP server vulnerability (CVE-2026-59153) affects Anki prior to version 25.09.3. The embedded local server serving media/files did not sufficiently block cross-origin requests from other origins, enabling potential side-effecting requests from malicious sites. The CVSS-based data in...

2.1CVSS6AI score0.00181EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/07/07 9:11 p.m.6 views

CVE-2026-59153

Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files and web pages for parts of its interface, but requests from other origins were not sufficiently blocked. A malicious website could potentially trigger side-effecting...

2.1CVSS6AI score0.00181EPSS
Exploits0
OSV
OSV
added 2026/06/19 10:10 p.m.20 views

GHSA-869J-R97X-HX2G Anki's local HTTP server does not sufficiently validate requests

Summary Anki launches a local HTTP server to serve media files and web pages for parts of its interface. The server fails to validate requests in the following ways: 1. No sufficient validation of the Origin header. 2. Some endpoints are vulnerable to path traversal attacks. This allows malicious...

8.7CVSS5.9AI score0.00181EPSS
Exploits0References3
OSV
OSV
added 2026/06/19 10:10 p.m.18 views

GHSA-CW6H-FFMH-X6VH Anki: User scripts in iframes have access to the internal Anki API

Summary Anki's webview-based pages communicate with the Rust backend using an internal localhost API. Anki implements measures to prevent user scripts run in the reviewer/editor from accessing this API https://github.com/ankitects/anki/pull/3925 but it inadvertently allows access to scripts...

6.5CVSS6AI score0.00169EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.9 views

PT-2026-56266

Name of the Vulnerable Software and Affected Versions Anki versions prior to 25.09.4 Description Webview-based pages communicate with the Rust backend via an internal localhost API. User scripts included through iframes in the editor can bypass protections to access this API. A malicious imported...

6.5CVSS6.2AI score0.00169EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/10/08 4:47 p.m.7 views

CVE-2025-62185

In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...

7.8CVSS6.8AI score0.0014EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/08 4:47 p.m.6 views

CVE-2025-62187

In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux media file pathnames are not necessarily relative to the media folder...

3.3CVSS7AI score0.00164EPSS
Exploits0References1
Rows per page
Query Builder