CVE-2025-62186

Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling...

CVE-2025-62187

In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux media file pathnames are not necessarily relative to the media folder...

CVE-2025-62186

Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling...

Ankitects Anki 安全漏洞

Ankitects Anki is an open source program by the individual developers of Ankitects to help memorize information through the use of flash cards. A security vulnerability exists in Ankitects Anki versions prior to 25.02.5, which stems from improper handling of the URL scheme and could lead to the...

CVE-2025-62185

In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...

Ankitects Anki 安全漏洞

Ankitects Anki is an open source program by the individual developers of Ankitects to help remember information through the use of flash cards. A security vulnerability exists in Ankitects Anki versions prior to 25.02.6, which stems from a specially crafted sound file reference that could result ...

EUVD-2024-2397

Malicious code in bioql PyPI...

EUVD-2024-2309

Malicious code in bioql PyPI...

EUVD-2025-11537

Malicious code in bioql PyPI...

EUVD-2024-34463

Malicious code in bioql PyPI...

CVE-2024-32152

A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability...

CVE-2024-29073

An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. ...

CVE-2025-43703

An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API even though the attacker has no knowledge of an API key through approaches such as scripts or the SRC attribute of an IMG element. NOTE: this issue exists...

CVE-2025-43703

An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API even though the attacker has no knowledge of an API key through approaches such as scripts or the SRC attribute of an IMG element. NOTE: this issue exists...

CVE-2025-43703

An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API even though the attacker has no knowledge of an API key through approaches such as scripts or the SRC attribute of an IMG element. NOTE: this issue exists...

PT-2025-16910 · Ankitects · Anki

Name of the Vulnerable Software and Affected Versions: Ankitects Anki versions prior to 25.02 Description: The issue allows for attacker-controlled access to the internal API through a crafted shared deck, even without knowledge of an API key. This can be achieved through various methods, includi...

Linux Distros Unpatched Vulnerability : CVE-2024-32484

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to...

CVE-2024-32484

An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability...

CVE-2024-26020

An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability...

Out-of-bounds read vulnerability in NVIDIA driver; Open-source flashcard software contains multiple security issues

Cisco Talos Vulnerability Research team has helped to disclose and patch six new vulnerabilities over the past three weeks, including one in a driver that powers certain NVIDIA graphics cards. The majority of the vulnerabilities that Talos disclosed during this period exist in Ankitects Anki, an...