261 matches found
Ankitects Anki 代码问题漏洞
Ankitects Anki is an open source program by the individual developers of Ankitects to help remember information through the use of flash cards. A code issue vulnerability exists in Ankitects Anki versions prior to 25.02.5, which stems from a specially crafted shared deck that can place a YouTube...
CVE-2025-62185
In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...
CVE-2025-62186
Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling...
EUVD-2025-32878
Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling...
EUVD-2025-32879
In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...
PT-2025-41188
Name of the Vulnerable Software and Affected Versions Anki versions prior to 25.02.5 Description A specially crafted shared deck on Windows can lead to the execution of arbitrary commands when playing audio due to improper handling of URL schemes. Recommendations Update to version 25.02.5 or late...
CVE-2025-62186
Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling...
CVE-2025-62185
In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...
CVE-2025-62185
In Ankitects Anki prior to 25.02.5, a crafted shared deck can place a YouTube downloader executable (names include youtube-dl.exe, yt-dlp.exe, or yt-dlp_x86.exe) in the media folder. This executable can be run when a YouTube link is present in the deck, enabling potential arbitrary code execution...
EUVD-2022-29655
Malicious code in bioql PyPI...
EUVD-2022-33567
Malicious code in bioql PyPI...
EUVD-2025-11537
Malicious code in bioql PyPI...
EUVD-2024-19789
Malicious code in bioql PyPI...
EUVD-2023-26624
Malicious code in bioql PyPI...
EUVD-2024-36867
Malicious code in bioql PyPI...
EUVD-2022-29663
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-43703
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker- controlled access to the internal API even though the...
@deck/app (>=1.0.1 <=1.4.11), octophant (=0.1.0) potentially affected by unknown CVE via rimraf-glob (=0.0.0)
rimraf-glob NPM version =0.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on rimraf-glob and may be impacted: - @deck/app =1.0.1, =1.4.11 - octophant =0.1.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-32233...
Nextcloud: Deck app allowed user with "Can share" permission to modify permissions of other non-owners
The Deck app in Nextcloud allowed users with "Can share" permission to modify the permissions of other non-owners...
Uncontrolled Search Path Element
Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element via the integration with mpv, an attacker can achieve arbitrary code execution by including a malicious executable within a shared deck. Note: This vulnerability is specific to Windows operating systems...