Ankitects Anki
8 CVEs affecting Ankitects Anki. Latest disclosed: 2025-10-07. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-26020 | Critical | 9.6 | 2024-07-22 | An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code… |
CVE-2024-32484 | High | 7.4 | 2024-07-22 | An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to J… |
CVE-2025-62186 | Medium | 6.7 | 2025-10-07 | Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling. |
CVE-2025-62185 | Medium | 6.7 | 2025-10-07 | In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link… |
CVE-2025-43703 | Medium | 6.1 | 2025-04-16 | An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API (even though the at… |
CVE-2024-29073 | Medium | 5.3 | 2024-07-22 | An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes… |
CVE-2024-32152 | Low | 3.1 | 2024-07-22 | A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary fi… |
CVE-2025-62187 | Low | 2.9 | 2025-10-07 | In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux (media file pathnam… |