Lucene search
+L
AnkitectsAnki

6 matches found

CVE
CVE
added 2025/04/16 12:0 a.m.101 views

CVE-2025-43703

Anki (Ankitects) up to version 25.02 is affected by CVE-2025-43703, which allows attacker-controlled access to the internal API via a crafted shared deck, even without knowledge of an API key. The issue stems from an incomplete fix for CVE-2024-32484 and can be triggered through methods such as s...

6.1CVSS6.3AI score0.00221EPSS
CVE
CVE
added 2024/07/22 2:20 p.m.89 views

CVE-2024-32152

CVE-2024-32152 affects Ankitects Anki 24.04’s LaTeX processing, where a specially crafted flashcard can bypass the blocklist and cause arbitrary file creation at a fixed path. The issue arises from the LaTeX blocklist bypass in the Anki LaTeX module, enabling an attacker to trigger file creation ...

4.3CVSS4.1AI score0.12111EPSS
CVE
CVE
added 2024/07/22 2:20 p.m.83 views

CVE-2024-32484

Affected product: Ankitects Anki (entries reference Anki up to 25.02). The connected documents indicate CVE-2025-43703 describes an incomplete fix for CVE-2024-32484, resulting in attacker‑controlled access to the internal API via crafted decks/SRC attributes, effectively enabling scripted access...

8.2CVSS7.4AI score0.25924EPSS
CVE
CVE
added 2025/10/07 12:0 a.m.28 views

CVE-2025-62185

In Ankitects Anki prior to 25.02.5, a crafted shared deck can place a YouTube downloader executable (names include youtube-dl.exe, yt-dlp.exe, or yt-dlp_x86.exe) in the media folder. This executable can be run when a YouTube link is present in the deck, enabling potential arbitrary code execution...

7.8CVSS6.4AI score0.0014EPSS
CVE
CVE
added 2025/10/07 12:0 a.m.18 views

CVE-2025-62187

In Ankitects Anki prior to 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux because media file pathnames are not necessarily relative to the media folder. The vulnerability affects the media handling component and arises from impro...

3.3CVSS6.6AI score0.00164EPSS
CVE
CVE
added 2025/10/07 12:0 a.m.16 views

CVE-2025-62186

Anki (Ankitects) on Windows is affected by CVE-2025-62186: versions prior to 25.02.5 are vulnerable to arbitrary command execution when playing audio via a crafted shared deck due to URL scheme mishandling. The root cause is improper handling of URL schemes in the shared deck workflow. Affected p...

7.8CVSS7.1AI score0.00132EPSS