Approved changes feed: RSS · Atom

cpe:2.3:a:ankitects:anki:24.04:*:*:*:*:*:*:*

part: a version: 24.04 update: *

VendorAnkitects (8844526a-9309-5499-909a-410f664c1c4d)
ProductAnki (e7a18540-f1b6-59b9-a7a2-c07fbab0df75)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:github/ankitects/anki purl2cpe 2026-06-01 10:11:14.775042

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-32484 vulnerable 2026-06-08 06:35:33.203594 Details available
HIGH (7.4)
An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability.
Published: 2024-07-22T14:20:25.571Z
Updated: 2025-11-04T17:20:19.020Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-32152 vulnerable 2026-06-08 06:35:32.975570 Details available
LOW (3.1)
A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability.
Published: 2024-07-22T14:20:26.096Z
Updated: 2025-11-04T17:20:17.676Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-29073 vulnerable 2026-06-08 06:33:28.648580 Details available
MEDIUM (5.3)
An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability.
Published: 2024-07-22T14:20:27.250Z
Updated: 2025-11-04T17:19:51.639Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-26020 vulnerable 2026-06-08 06:31:24.659587 Details available
CRITICAL (9.6)
An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability.
Published: 2024-07-22T14:20:26.617Z
Updated: 2025-11-04T17:14:34.137Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.