In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux (media file pathnames are not necessarily relative to the media folder).
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NAnkitects Anki
APPAnkitects< 25.02.6
Related vulnerabilities
An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 2...
In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media...
Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playi...
An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controll...
A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafte...