23 matches found
CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards
The Quizlet flashcards, which WIRED found through basic Google searches, seem to include sensitive information about gate security at Customs and Border Protection locations...
EUVD-2024-2446
Malicious code in bioql PyPI...
EUVD-2025-18331
Malicious code in bioql PyPI...
Incomplete List of Disallowed Inputs
Overview: Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs due to a LaTeX blocklist bypass in the LaTeX processing functionality. The LaTeX module fails to enforce its blocklist properly, allowing specially crafted malicious flashcards to create arbitrary...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper handling of MPV functionality in flashcards. The MPV component processes user-supplied flashcard content with insufficient sanitization, enabling crafted inputs to execute arbitrary scripts on...
CVE-2025-6040
The Easy Flashcards plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the 'efsettingssubmenu' page. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2025-6040 Easy Flashcards <= 0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Easy Flashcards plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the 'efsettingssubmenu' page. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2025-6040
The CVE-2025-6040 entry concerns Easy Flashcards for WordPress (versions
WordPress plugin Easy Flashcards Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
Malicious code in flashcards-sdk-converter (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8eddf0b4ef4ccf55d3d894db73987fea2f721ef254833426d112e52eb62005bd Any computer that has this package installed or running should be considered...
MAL-2025-658 Malicious code in flashcards-sdk-converter (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8eddf0b4ef4ccf55d3d894db73987fea2f721ef254833426d112e52eb62005bd Any computer that has this package installed or running should be considered...
DEBIAN-CVE-2024-29073
A vulnerability in the handling of LaTeX exists in Ankitects Anki 24.04. When LaTeX is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many LaTeX distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. ...
PT-2024-22699 · Ankitects +1 · Anki +1
Name of the Vulnerable Software and Affected Versions: Ankitects Anki version 24.04 Description: A vulnerability exists in the handling of LaTeX, where the verbatim package has been overlooked during sanitization to prevent unsafe commands. This can lead to an arbitrary file read when a specially...
PT-2024-24608 · Ankitects +1 · Anki +1
Name of the Vulnerable Software and Affected Versions: Ankitects Anki version 24.04 Description: A reflected XSS issue exists in the handling of invalid paths in the Flask server. This can be triggered by a specially crafted flashcard, leading to JavaScript code execution and potentially resultin...
PT-2024-21280 · Ankitects +1 · Anki +1
Name of the Vulnerable Software and Affected Versions: Ankitects Anki version 24.04 Description: A specially crafted flashcard can lead to arbitrary code execution due to an arbitrary script execution issue in the MPV functionality. An attacker can send a malicious flashcard to trigger this issue...
WordPress Qwiz Online Quizzes And Flashcards Cross-Site Scripting Vulnerability
WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system (CMS). A cross-site scripting vulnerability exists in WordPress Qwiz Online Quizzes And Flashcards...
AnkiDroid Flashcards - Customized SSL, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application AnkiDroid Flashcards published at the 'play' market has multiple vulnerabilities...
Animals for Kids - Flashcards - Base64 encoded String, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Animals for Kids - Flashcards published at the 'play' market has multiple vulnerabilities...