CVE-2025-62185

In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...

CVE-2025-62186

Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling...

CVE-2025-62185

In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...

CVE-2025-62186

Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling...

CVE-2025-62185

In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...

CVE-2025-62186

Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling...

CVE-2025-62185

In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...

CVE-2025-62186

Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling...

CVE-2025-62185

In Ankitects Anki prior to 25.02.5, a crafted shared deck can place a YouTube downloader executable (names include youtube-dl.exe, yt-dlp.exe, or yt-dlp_x86.exe) in the media folder. This executable can be run when a YouTube link is present in the deck, enabling potential arbitrary code execution...

EUVD-2025-32878

Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling...

CVE-2025-62185

In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...

CVE-2025-62186

Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling...

PT-2025-41187

Name of the Vulnerable Software and Affected Versions Anki versions prior to 25.02.5 Description A specially designed shared deck can place a YouTube downloader executable in the media folder. This executable is then run when a YouTube link is present within the deck. The executable may be named...

Ankitects Anki 代码问题漏洞

Ankitects Anki is an open source program by the individual developers of Ankitects to help remember information through the use of flash cards. A code issue vulnerability exists in Ankitects Anki versions prior to 25.02.5, which stems from a specially crafted shared deck that can place a YouTube...

CVE-2025-62186

Anki (Ankitects) on Windows is affected by CVE-2025-62186: versions prior to 25.02.5 are vulnerable to arbitrary command execution when playing audio via a crafted shared deck due to URL scheme mishandling. The root cause is improper handling of URL schemes in the shared deck workflow. Affected p...

CVE-2025-62185

In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...

EUVD-2025-32879

In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...

PT-2025-41188

Name of the Vulnerable Software and Affected Versions Anki versions prior to 25.02.5 Description A specially crafted shared deck on Windows can lead to the execution of arbitrary commands when playing audio due to improper handling of URL schemes. Recommendations Update to version 25.02.5 or late...

EUVD-2025-11537

Malicious code in bioql PyPI...

CVE-2025-43703

An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API even though the attacker has no knowledge of an API key through approaches such as scripts or the SRC attribute of an IMG element. NOTE: this issue exists...