5 matches found
CVE-2026-58266
Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can access this API despite protections intended to block reviewer and edito...
CVE-2026-58266
Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can access this API despite protections intended to block reviewer and edito...
CVE-2026-58266
The CVE-2026-58266 issue affects Anki prior to 25.09.4, where webview pages expose the internal localhost API to user scripts loaded in iframes. This allows a malicious imported card package with an embedded iframe to call exposed API methods (e.g., getImageForOcclusion) and read files accessible...
CVE-2026-58266 Anki: User scripts in iframes have access to the internal Anki API
Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can access this API despite protections intended to block reviewer and edito...
Mozilla Firefox ESR < 91.11
The version of Firefox ESR installed on the remote Windows host is prior to 91.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-25 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101 and Firefox ESR 91.10. Some of...