Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling.
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NAnkitects Anki
APPAnkitects< 25.02.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2024-32484HIGH7.4ten sam produkt
An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 2...
CVE-2025-62185MEDIUM6.7ten sam produkt
In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media...
CVE-2025-43703MEDIUM6.1ten sam produkt
An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controll...
CVE-2025-62187LOW2.9ten sam produkt
W Ankitects Anki przed wersją 25.02.6 spreparowane odwołania do plików dźwiękowych mogły spowodować zapis plik...
CVE-2024-32152LOW3.1ten sam produkt
A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafte...